Discover published sets by community

A security flaw that arises when an application provides direct access to objects based on user input. Mitigation includes proper access control checks and avoiding exposure of direct references to internal implementation objects.

An HTTP exploit that allows attackers to access restricted directories and execute commands outside of the web server's root directory. Mitigation includes input validation, user access control, and use of chroot jails for file access.

Occurs when an attacker secretly relays or alters the communication between two parties who believe they are directly communicating with each other. Mitigation includes using HTTPS encryption, certificate pinning, and strong mutual authentication.

Occurs when a program writes more data to a buffer than it was intended to hold. Mitigation includes using memory-safe programming languages and functions, stack canaries, and Address Space Layout Randomization (ASLR).

Inclusion of sensitive information like passwords or secret keys directly within source code. Mitigation includes using environment variables, secure vaults, or configuration files to handle credentials.

Occurs when attackers are able to compromise passwords, keys, or session tokens, or exploit other implementation flaws to assume users' identities. Mitigation includes multi-factor authentication, strong password policies, and secure session management.

The exploitation of a valid computer session to gain unauthorized access to information or services in a computer system. Mitigation includes using HTTPS, secure cookies, and implementing proper session management.

An attack against an application that parses XML input. This can include disclosing local files, causing DoS, and SSRF attacks. Mitigation includes disabling external entity and DTD processing in all XML parsers.

A condition where the system's substantive behavior is dependent on the sequence or timing of other uncontrollable events. Mitigation includes proper synchronization, atomic transactions, and thread-safe coding practices.

An attack technique that exploits a security vulnerability occurring in the database layer of an application. Mitigation includes using prepared statements and parameterized queries.

A web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. Mitigation includes using anti-CSRF tokens and SameSite cookie attributes.

Allows an attacker to execute arbitrary code on a target machine or in a target process. Mitigation includes input validation, keeping software updated, and using least privilege principles.

Revealing too much information to the users through error messages, which can lead to further exploitation. Mitigation includes configuring error handling to prevent stack traces from being displayed and implementing custom error pages.

Using components with known vulnerabilities, leading to a weak link in the application. Mitigation involves keeping components updated and regularly checking for vulnerabilities in dependencies.

Failing to adequately protect sensitive data with proper encryption or hashing. Mitigation includes using strong cryptographic algorithms and properly managing keys.

Occurs when an attacker introduces malicious code into a program. Mitigation includes input validation, output encoding, and use of appropriate security mechanisms in the programming language.

Inadequate logging of events and lack of monitoring systems that could detect or alert on malicious activities. Mitigation includes implementing comprehensive logging and real-time monitoring, along with incident response plans.

Occurs when security settings are defined, implemented, and maintained as defaults. Mitigation includes regular reviews of security configurations and least privilege access policies.

Involves unauthorized access to protected data such as financial, healthcare, or personal information. Mitigation includes encrypting data at rest and in transit, and not storing sensitive data unnecessarily.

A vulnerability that occurs when untrusted data is used to abuse the logic of an application. Mitigation includes using safe serialization libraries and validating serialized objects.

Web applications frequently redirect and forward users to other pages or websites, and attackers can exploit these unvalidated redirects. Mitigation includes avoiding such redirects if possible, and validating URLs to only allow whitelisted destinations.

A type of injection where malicious scripts are injected into trusted websites. Mitigation includes using Content Security Policy, validating and sanitizing user input, and using appropriate response headers.

Failure to implement proper restrictions on what authenticated users are allowed to do. Mitigation includes enforcing least privilege principles, using access control lists, and proper authentication checks before performing sensitive operations.

An exploitation where the attacker can make the application send a crafted request to an unexpected destination. Mitigation includes validation of user input, not passing raw responses to interpreters, and restricting server request targets.