Comprehensive Web Security Vulnerabilities (Mapped to OWASP Top 10 - 2021)

A01:2021 - Broken Access Control
- Privilege Escalation
- Insecure Direct Object References (IDOR)
- Forced Browsing
- Directory Traversal
- LFI/RFI (when used to access unauthorized files)
- URL Redirect (Open Redirect)

A02:2021 - Cryptographic Failures
- Improper encryption or weak cryptographic algorithms
- Use of HTTP instead of HTTPS
- Exposed sensitive data in transit or at rest
- Weak JWT (JSON Web Token) signing or validation
- Improper handling of SAML assertions or OAuth tokens

A03:2021 - Injection
- SQL Injection (SQLi)
- Command Injection
- LDAP Injection
- Cross-Site Scripting (XSS)
- LFI/RFI (as file inclusion injection)
- XML Injection
- JSON Injection
- XXE (XML External Entity Injection)
- Server-Side Template Injection (SSTI)

A04:2021 - Insecure Design
- Business Logic Flaws
- Insecure Workflow
- Client-Side Enforcement of Server Logic
- Lack of Rate Limiting
- Missing Threat Modeling
- Insecure Defaults
- Improper OAuth/SAML flows or designs

A05:2021 - Security Misconfiguration
- Verbose Banner
- Stack Trace/Error Disclosure
- Default Credentials
- Unnecessary Services Enabled
- HTTP Request Smuggling
- Host Header Injection
- Web Cache Poisoning
- Improper File Upload Restrictions

A06:2021 - Vulnerable and Outdated Components
- Use of outdated libraries or software
- Unpatched known vulnerabilities

A07:2021 - Identification and Authentication Failures
- Broken Authentication
- Session Fixation
- Brute Force Attacks
- Weak or predictable credentials
- Improper implementation of OAuth/JWT/SAML authentication

A08:2021 - Software and Data Integrity Failures
- Insecure Deserialization
- CI/CD pipeline exploits
- Trusting unsigned or unverified software updates
- Dependency Confusion / Typosquatting Attacks
- Lack of File Integrity Validation
- Processing untrusted file uploads or archives

A09:2021 - Security Logging and Monitoring Failures
- No alerts/logs after exploitation
- Missing login failure alerts

A10:2021 - Server-Side Request Forgery (SSRF)
- SSRF attacks via manipulated URLs or request headers

Other Important Vulnerabilities (Mapped or Deprecated)
- Cross-Site Request Forgery (CSRF) - previously OWASP A08:2017
- Anti-Automation Controls Missing (e.g., CAPTCHA, rate limiting on login)
