Insecure Interaction between Components
- CWE-89 – Improper neutralization of special elements used in an SQL command [SQL Injection]
- CWE-78 – Improper neutralization of special elements used in an OS command [OS Command Injection]
- CWE-79 – Improper neutralization of input during web page generation [Cross-site Scripting, XSS]
- CWE-434 – Unrestricted upload of file with dangerous type
- CWE-352 – Cross-site request forgery [CSRF]
- CWE-601 – URL redirection to untrusted site [Open Redirect]
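The first entry in this group, CWE-89, is the one most easily shown in a few lines. The following is an added example, not part of the original list: a constructed in-memory SQLite table, a lookup that splices the caller's string into the SQL text, and the hardened lookup that binds the same string as a parameter. The table, the sample rows and the function names are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration, not from any real system.
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]

# Classic tautology payload: closes the open quote, then appends a clause
# that is true for every row.
PAYLOAD = "' OR '1'='1"


def make_db():
    """Build an in-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """CWE-89: the caller's string becomes part of the SQL text, so any quote
    character in `name` changes the structure of the query, not just its data."""
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """Hardened form: the query text is fixed and `name` travels as a bound
    parameter, so the database only ever compares it as a value."""
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # The spliced query reads: ... WHERE name = '' OR '1'='1'  -> every row.
    print("vulnerable:", lookup_vulnerable(db, PAYLOAD))
    # The bound query looks for a user literally named "' OR '1'='1" -> no row.
    print("safe:", lookup_safe(db, PAYLOAD))
```

The point to check in a real code base is not whether the input is "escaped" but whether any user-controlled string can reach the query text at all; parameter binding removes the question entirely.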
Risky Resource Management
- CWE-120 – Buffer copy without checking size of input [Classic Buffer Overflow]
- CWE-22 – Improper limitation of a pathname to a restricted directory [Path Traversal]
- CWE-494 – Download of code without integrity check
- CWE-829 – Inclusion of functionality from untrusted control sphere
- CWE-676 – Use of potentially dangerous function
- CWE-131 – Incorrect calculation of buffer size
- CWE-134 – Uncontrolled format string
- CWE-190 – Integer overflow or wraparound
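Of the entries in this group, CWE-22 is the one that shows up in web and file-serving code regardless of language, and the usual mistakes (string-prefix checks, inspecting the input instead of the result) are worth seeing side by side with a correct check. The following is an added example, not part of the original list; the root directory and the request strings are constructed for the demonstration.

```python
import os

# Constructed root for the demonstration; it does not need to exist on disk
# because os.path.realpath still normalises paths under a missing directory.
DEMO_ROOT = "/srv/www/static"


def resolve_under_root(root, requested):
    """CWE-22 check: map a user-supplied path onto a file inside `root`.

    Returns the canonical absolute path if it stays inside `root`, otherwise
    raises ValueError. Absolute input, '..' segments and symlinks that point
    outside are all caught because the containment test runs on the canonical
    joined path, not on the request string.
    """
    root_real = os.path.realpath(root)
    # os.path.join drops `root` entirely when `requested` is absolute, which is
    # exactly why the containment check must be done on the joined result.
    candidate = os.path.realpath(os.path.join(root_real, requested))
    # commonpath rather than startswith: "/srv/www/static2/x" starts with
    # "/srv/www/static" but is not inside it.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError(f"path escapes root: {requested!r}")
    return candidate


def is_contained(root, requested):
    """Boolean form of the check, for the demonstration below."""
    try:
        resolve_under_root(root, requested)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for req in ["css/site.css", "img/../css/site.css", "../../etc/passwd",
                "/etc/passwd", "../static2/x"]:
        print(f"{req!r:28} -> {'ok' if is_contained(DEMO_ROOT, req) else 'REJECTED'}")
```

When the served tree contains symlinks that are meant to be followed, resolve the root through the same realpath call (as above) so that a root which is itself a symlink still compares equal to its resolved children.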
Porous Defenses
- CWE-306 – Missing authentication for critical function
- CWE-862 – Missing authorization
- CWE-798 – Use of hard-coded credentials
- CWE-311 – Missing encryption of sensitive data
- CWE-807 – Reliance on untrusted inputs in a security decision
- CWE-250 – Execution with unnecessary privileges
- CWE-863 – Incorrect authorization
- CWE-732 – Incorrect permission assignment for critical resource
- CWE-327 – Use of a broken or risky cryptographic algorithm
- CWE-307 – Improper restriction of excessive authentication attempts
- CWE-759 – Use of a one-way hash without a salt
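The last entry, CWE-759, is a good illustration of why "we hash the passwords" is not by itself a defence. The following is an added example, not part of the original list: an unsalted digest beside a per-user salted, iterated one, with the verification routine that reads the stored record back. The record format, the function names and the work factor are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os

# Assumed work factor for PBKDF2-HMAC-SHA256; tune to your hardware so that a
# verification costs on the order of hundreds of milliseconds.
ITERATIONS = 600_000


def unsalted_hash(password):
    """CWE-759: identical passwords always yield identical digests, so one
    precomputed table, or one cracked hash, breaks every matching account."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, iterations=ITERATIONS):
    """Hardened form: a fresh random salt per user plus a slow KDF.

    The returned record carries everything verification needs (algorithm,
    work factor, salt, digest), so the work factor can be raised later and
    old records re-hashed on next login.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the digest from the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash format: {algo}")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    # Two users who happen to pick the same password.
    print("unsalted, user A:", unsalted_hash("hunter2"))
    print("unsalted, user B:", unsalted_hash("hunter2"))   # identical
    rec_a = hash_password("hunter2")
    rec_b = hash_password("hunter2")
    print("salted,   user A:", rec_a)
    print("salted,   user B:", rec_b)                      # differ
    print("verify correct:", verify_password("hunter2", rec_a))
    print("verify wrong:  ", verify_password("hunter3", rec_a))
```

A memory-hard function such as Argon2id or scrypt is the better choice where a library is available; the record layout and verification flow above are the same either way.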