DEV Community

Cover image for Exploring 100 Web Vulnerabilities:
Manikanta Suru
Manikanta Suru

Posted on

Exploring 100 Web Vulnerabilities:

#security #cloudsecurity #testing

๐Ÿ” Cybersecurity has never been more critical in an age where the digital landscape is the backbone of our daily lives.

๐Ÿ’ป With its sprawling network of interconnected sites and applications, the web is a breeding ground for vulnerabilities that malicious actors can exploit.

๐ŸŒ In this blog post, we dive deep into the world of web vulnerabilities, presenting a comprehensive list of 100, thoughtfully categorized into various types.

๐Ÿ›ก๏ธ Whether youโ€™re a cybersecurity enthusiast, a web developer, or just someone curious about online security, this resource will shed light on the diverse threats lurking on the web and help you better understand how to protect yourself and your digital assets.

100-web-vulnerabilities-names- categorized into various types

Injection Vulnerabilities

  1. SQL Injection (SQLi)
  2. Cross-Site Scripting (XSS)
  3. Cross-Site Request Forgery (CSRF)
  4. Remote Code Execution (RCE)
  5. Command Injection
  6. XML Injection
  7. LDAP Injection
  8. XPath Injection
  9. HTML Injection
  10. Server-Side Includes (SSI) Injection
  11. OS Command Injection
  12. Blind SQL Injection
  13. Server-Side Template Injection (SSTI) # Broken Authentication and Session Management:
  14. Session Fixation
  15. Brute Force Attack
  16. Session Hijacking
  17. Password Cracking
  18. Weak Password Storage
  19. Insecure Authentication
  20. Cookie Theft
  21. Credential Reuse # Sensitive Data Exposure:
  22. Inadequate Encryption
  23. Insecure Direct Object References (IDOR)
  24. Data Leakage
  25. Unencrypted Data Storage
  26. Missing Security Headers
  27. Insecure File Handling # Security Misconfiguration:
  28. Default Passwords
  29. Directory Listing
  30. Unprotected API Endpoints
  31. Open Ports and Services
  32. Improper Access Controls
  33. Information Disclosure
  34. Unpatched Software
  35. Misconfigured CORS
  36. HTTP Security Headers Misconfiguration # XML-Related Vulnerabilities:
  37. XML External Entity (XXE) Injection
  38. XML Entity Expansion (XEE)
  39. XML Bomb # Broken Access Control:
  40. Inadequate Authorization
  41. Privilege Escalation
  42. Insecure Direct Object References
  43. Forceful Browsing
  44. Missing Function-Level Access Control # Insecure Deserialization:
  45. Remote Code Execution via Deserialization
  46. Data Tampering
  47. Object Injection # API Security Issues:
  48. Insecure API Endpoints
  49. API Key Exposure
  50. Lack of Rate Limiting
  51. Inadequate Input Validation # Insecure Communication:
  52. Man-in-the-Middle (MITM) Attack
  53. Insufficient Transport Layer Security
  54. Insecure SSL/TLS Configuration
  55. Insecure Communication Protocols # Client-Side Vulnerabilities:
  56. DOM-based XSS
  57. Insecure Cross-Origin Communication
  58. Browser Cache Poisoning
  59. Clickjacking
  60. HTML5 Security Issues # Denial of Service (DoS):
  61. Distributed Denial of Service (DDoS)
  62. Application Layer DoS
  63. Resource Exhaustion
  64. Slowloris Attack
  65. XML Denial of Service # Other Web Vulnerabilities:
  66. Server-Side Request Forgery (SSRF)
  67. HTTP Parameter Pollution (HPP)
  68. Insecure Redirects and Forwards
  69. File Inclusion Vulnerabilities
  70. Security Header Bypass
  71. Clickjacking
  72. Inadequate Session Timeout
  73. Insufficient Logging and Monitoring
  74. Business Logic Vulnerabilities
  75. API Abuse # Mobile Web Vulnerabilities:
  76. Insecure Data Storage on Mobile Devices
  77. Insecure Data Transmission on Mobile Devices
  78. Insecure Mobile API Endpoints
  79. Mobile App Reverse Engineering # IoT Web Vulnerabilities:
  80. Insecure IoT Device Management
  81. Weak Authentication on IoT Devices
  82. IoT Device Vulnerabilities # Web of Things (WoT) Vulnerabilities:
  83. Unauthorized Access to Smart Homes
  84. IoT Data Privacy Issues # Authentication Bypass:
  85. Insecure "Remember Me" Functionality
  86. CAPTCHA Bypass # Server-Side Request Forgery (SSRF):
  87. Blind SSRF
  88. Time-Based Blind SSRF # Content Spoofing:
  89. MIME Sniffing
  90. X-Content-Type-Options Bypass
  91. Content Security Policy (CSP) Bypass # Business Logic Flaws:
  92. Inconsistent Validation
  93. Race Conditions
  94. Order Processing Vulnerabilities
  95. Price Manipulation
  96. Account Enumeration
  97. User-Based Flaws # Zero-Day Vulnerabilities:
  98. Unknown Vulnerabilities
  99. Unpatched Vulnerabilities
  100. Day-Zero Exploits

๐Ÿ‘‰ info:- https://github.com/manikanta-suru/100-web-vulnerabilities-names-#client-side-vulnerabilities

Top comments (0)

Read next

muhammadmp profile image

How to test the die() function?

Muhammad MP -

abhayit2000 profile image

A Complete Guide to iOS App Testing

Abhay Chaturvedi -

jphutchins profile image

Building a Universally Portable Python App

JP Hutchins -

schalkneethling profile image

You're Installing Node.js Wrong. That's OK, Here Is How To Fix It ๐Ÿ™Œ

Schalk Neethling -