The 100

I have come across a comprehensive categorization of 100 web vulnerabilities. It broadly covers a range of vulnerabilities that are recognized in web applications and related technologies. The categories and some key vulnerabilities are:

Injection Vulnerabilities

This category includes various types of injection flaws where untrusted data is sent to an interpreter as part of a command or query, like SQL, XML, or code injections. These are common and dangerous vulnerabilities.

  1. SQL Injection (SQLi)
  2. Cross-Site Scripting (XSS)
  3. Cross-Site Request Forgery (CSRF)
  4. Remote Code Execution (RCE)
  5. Command Injection
  6. XML Injection
  7. LDAP Injection
  8. XPath Injection
  9. HTML Injection
  10. Server-Side Includes (SSI) Injection
  11. OS Command Injection
  12. Blind SQL Injection
  13. Server-Side Template Injection (SSTI)

Broken Authentication and Session Management

These vulnerabilities are related to flaws in authentication and session management functions, making it possible to compromise passwords, keys, or session tokens.

  1. Session Fixation
  2. Brute Force Attack
  3. Session Hijacking
  4. Password Cracking
  5. Weak Password Storage
  6. Insecure Authentication
  7. Cookie Theft
  8. Credential Reuse

Sensitive Data Exposure

Involves improper protection of sensitive data, like personal information, leading to risks of data theft.

  1. Inadequate Encryption
  2. Insecure Direct Object References (IDOR)
  3. Data Leakage
  4. Unencrypted Data Storage
  5. Missing Security Headers
  6. Insecure File Handling

Security Misconfiguration

Commonly occurs due to insecure default configurations, incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information.

  1. Default Passwords
  2. Directory Listing
  3. Unprotected API Endpoints
  4. Open Ports and Services
  5. Improper Access Controls
  6. Information Disclosure
  7. Unpatched Software
  8. Misconfigured CORS
  9. HTTP Security Headers Misconfiguration

Specific to the handling of XML data and can lead to significant security issues.

  1. XML External Entity (XXE) Injection
  2. XML Entity Expansion (XEE)
  3. XML Bomb

Broken Access Control

This category includes vulnerabilities where restrictions on what authenticated users are allowed to do are not properly enforced.

  1. Inadequate Authorization
  2. Privilege Escalation
  3. Insecure Direct Object References
  4. Forceful Browsing
  5. Missing Function-Level Access Control

Insecure Deserialization

This can lead to remote code execution, replay attacks, injection attacks, and privilege escalation attacks.

  1. Remote Code Execution via Deserialization
  2. Data Tampering
  3. Object Injection

API Security Issues

Pertains to vulnerabilities specifically in API (Application Programming Interface) implementations.

  1. Insecure API Endpoints
  2. API Key Exposure
  3. Lack of Rate Limiting
  4. Inadequate Input Validation

Insecure Communication

Relates to vulnerabilities where data in transit is not adequately secured, allowing attackers to intercept or modify data.

  1. Man-in-the-Middle (MITM) Attack
  2. Insufficient Transport Layer Security
  3. Insecure SSL/TLS Configuration
  4. Insecure Communication Protocols

Client-Side Vulnerabilities

Focuses on vulnerabilities that exist in the client-side code of web applications.

  1. DOM-based XSS
  2. Insecure Cross-Origin Communication
  3. Browser Cache Poisoning
  4. Clickjacking
  5. HTML5 Security Issues

Denial of Service (DoS)

These attacks aim to make a machine or network resource unavailable to its intended users.

  1. Distributed Denial of Service (DDoS)
  2. Application Layer DoS
  3. Resource Exhaustion
  4. Slowloris Attack
  5. XML Denial of Service

Other Web Vulnerabilities

A broad category covering various other types of vulnerabilities.

  1. Server-Side Request Forgery (SSRF)
  2. HTTP Parameter Pollution (HPP)
  3. Insecure Redirects and Forwards
  4. File Inclusion Vulnerabilities
  5. Security Header Bypass
  6. Clickjacking
  7. Inadequate Session Timeout
  8. Insufficient Logging and Monitoring
  9. Business Logic Vulnerabilities
  10. API Abuse

Mobile Web Vulnerabilities

Specific to web applications running on mobile devices.

  1. Insecure Data Storage on Mobile Devices
  2. Insecure Data Transmission on Mobile Devices
  3. Insecure Mobile API Endpoints
  4. Mobile App Reverse Engineering

IoT Web Vulnerabilities

Related to the unique security challenges posed by Internet of Things (IoT) devices.

  1. Insecure IoT Device Management
  2. Weak Authentication on IoT Devices
  3. IoT Device Vulnerabilities

Web of Things (WoT) Vulnerabilities

Focuses on vulnerabilities in the Web of Things, which extends the IoT with web technologies.

  1. Unauthorized Access to Smart Homes
  2. IoT Data Privacy Issues

Authentication Bypass

Concerns vulnerabilities that allow attackers to bypass authentication mechanisms.

  1. Insecure “Remember Me” Functionality
  2. CAPTCHA Bypass

Server-Side Request Forgery (SSRF)

Involves sending forged requests from a vulnerable server to another system.

  1. Blind SSR
  2. Time-Based Blind SSRF

Content Spoofing

Refers to the ability of an attacker to create a piece of content on a website that is not part of the original site.

  1. MIME Sniffing
  2. X-Content-Type-Options Bypass
  3. Content Security Policy (CSP) Bypass

Business Logic Flaws

Involves exploiting the legitimate processing flows of an application to achieve a malicious outcome.

  1. Inconsistent Validation
  2. Race Conditions
  3. Order Processing Vulnerabilities
  4. Price Manipulation
  5. Account Enumeration
  6. User-Based Flaws

Zero-Day Vulnerabilities

Refers to vulnerabilities that are unknown to the parties responsible for patching or fixing the flaw.

  1. Unknown Vulnerabilities
  2. Unpatched Vulnerabilities
  3. Day-Zero Exploits