2021
- Broken Access Control
- Cryptographic failures
- Injection Attack
- Insecure Design
- Device Misconfiguration
- Vulnerable and outdated components
- IAM failures
- Software and data integrity failure
- Security logging and monitoring failures
- SSRF
2017
- Injection Attack
- IAM failures
- Sensitive Data exposure
- XML External Entity
- Broken Access Control
- Device Misconfiguration
- Cross Site Scripting
- Insecure Deserialization
- Using components with known vulnerabilities
- Insufficient logging and monitoring