๐ Cybersecurity has never been more critical in an age where the digital landscape is the backbone of our daily lives.
๐ป With its sprawling network of interconnected sites and applications, the web is a breeding ground for vulnerabilities that malicious actors can exploit.
๐ In this blog post, we dive deep into the world of web vulnerabilities, presenting a comprehensive list of 100, thoughtfully categorized into various types.
๐ก๏ธ Whether youโre a cybersecurity enthusiast, a web developer, or just someone curious about online security, this resource will shed light on the diverse threats lurking on the web and help you better understand how to protect yourself and your digital assets.
100-web-vulnerabilities-names- categorized into various types
Injection Vulnerabilities
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Remote Code Execution (RCE)
- Command Injection
- XML Injection
- LDAP Injection
- XPath Injection
- HTML Injection
- Server-Side Includes (SSI) Injection
- OS Command Injection
- Blind SQL Injection
- Server-Side Template Injection (SSTI) # Broken Authentication and Session Management:
- Session Fixation
- Brute Force Attack
- Session Hijacking
- Password Cracking
- Weak Password Storage
- Insecure Authentication
- Cookie Theft
- Credential Reuse # Sensitive Data Exposure:
- Inadequate Encryption
- Insecure Direct Object References (IDOR)
- Data Leakage
- Unencrypted Data Storage
- Missing Security Headers
- Insecure File Handling # Security Misconfiguration:
- Default Passwords
- Directory Listing
- Unprotected API Endpoints
- Open Ports and Services
- Improper Access Controls
- Information Disclosure
- Unpatched Software
- Misconfigured CORS
- HTTP Security Headers Misconfiguration # XML-Related Vulnerabilities:
- XML External Entity (XXE) Injection
- XML Entity Expansion (XEE)
- XML Bomb # Broken Access Control:
- Inadequate Authorization
- Privilege Escalation
- Insecure Direct Object References
- Forceful Browsing
- Missing Function-Level Access Control # Insecure Deserialization:
- Remote Code Execution via Deserialization
- Data Tampering
- Object Injection # API Security Issues:
- Insecure API Endpoints
- API Key Exposure
- Lack of Rate Limiting
- Inadequate Input Validation # Insecure Communication:
- Man-in-the-Middle (MITM) Attack
- Insufficient Transport Layer Security
- Insecure SSL/TLS Configuration
- Insecure Communication Protocols # Client-Side Vulnerabilities:
- DOM-based XSS
- Insecure Cross-Origin Communication
- Browser Cache Poisoning
- Clickjacking
- HTML5 Security Issues # Denial of Service (DoS):
- Distributed Denial of Service (DDoS)
- Application Layer DoS
- Resource Exhaustion
- Slowloris Attack
- XML Denial of Service # Other Web Vulnerabilities:
- Server-Side Request Forgery (SSRF)
- HTTP Parameter Pollution (HPP)
- Insecure Redirects and Forwards
- File Inclusion Vulnerabilities
- Security Header Bypass
- Clickjacking
- Inadequate Session Timeout
- Insufficient Logging and Monitoring
- Business Logic Vulnerabilities
- API Abuse # Mobile Web Vulnerabilities:
- Insecure Data Storage on Mobile Devices
- Insecure Data Transmission on Mobile Devices
- Insecure Mobile API Endpoints
- Mobile App Reverse Engineering # IoT Web Vulnerabilities:
- Insecure IoT Device Management
- Weak Authentication on IoT Devices
- IoT Device Vulnerabilities # Web of Things (WoT) Vulnerabilities:
- Unauthorized Access to Smart Homes
- IoT Data Privacy Issues # Authentication Bypass:
- Insecure "Remember Me" Functionality
- CAPTCHA Bypass # Server-Side Request Forgery (SSRF):
- Blind SSRF
- Time-Based Blind SSRF # Content Spoofing:
- MIME Sniffing
- X-Content-Type-Options Bypass
- Content Security Policy (CSP) Bypass # Business Logic Flaws:
- Inconsistent Validation
- Race Conditions
- Order Processing Vulnerabilities
- Price Manipulation
- Account Enumeration
- User-Based Flaws # Zero-Day Vulnerabilities:
- Unknown Vulnerabilities
- Unpatched Vulnerabilities
- Day-Zero Exploits
๐ info:- https://github.com/manikanta-suru/100-web-vulnerabilities-names-#client-side-vulnerabilities
Top comments (0)