Common Software Vulnerabilities
XML External Entity (XXE) Attack
An attack against an application that parses XML input. This can include disclosing local files, causing DoS, and SSRF attacks. Mitigation includes disabling external entity and DTD processing in all XML parsers.
SQL Injection
An attack technique that exploits a security vulnerability occurring in the database layer of an application. Mitigation includes using prepared statements and parameterized queries.
Race Condition
A condition where the system's substantive behavior is dependent on the sequence or timing of other uncontrollable events. Mitigation includes proper synchronization, atomic transactions, and thread-safe coding practices.
Unvalidated Redirects and Forwards
Web applications frequently redirect and forward users to other pages or websites, and attackers can exploit these unvalidated redirects. Mitigation includes avoiding such redirects if possible, and validating URLs to only allow whitelisted destinations.
Sensitive Data Exposure
Involves unauthorized access to protected data such as financial, healthcare, or personal information. Mitigation includes encrypting data at rest and in transit, and not storing sensitive data unnecessarily.
Insecure Deserialization
A vulnerability that occurs when untrusted data is used to abuse the logic of an application. Mitigation includes using safe serialization libraries and validating serialized objects.
Code Injection
Occurs when an attacker introduces malicious code into a program. Mitigation includes input validation, output encoding, and use of appropriate security mechanisms in the programming language.
Remote Code Execution (RCE)
Allows an attacker to execute arbitrary code on a target machine or in a target process. Mitigation includes input validation, keeping software updated, and using least privilege principles.
Buffer Overflow
Occurs when a program writes more data to a buffer than it was intended to hold. Mitigation includes using memory-safe programming languages and functions, stack canaries, and Address Space Layout Randomization (ASLR).
Component with Known Vulnerabilities
Using components with known vulnerabilities, leading to a weak link in the application. Mitigation involves keeping components updated and regularly checking for vulnerabilities in dependencies.
Cross-Site Request Forgery (CSRF)
A web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. Mitigation includes using anti-CSRF tokens and SameSite cookie attributes.
Insecure Direct Object References (IDOR)
A security flaw that arises when an application provides direct access to objects based on user input. Mitigation includes proper access control checks and avoiding exposure of direct references to internal implementation objects.
Insecure Cryptographic Storage
Failing to adequately protect sensitive data with proper encryption or hashing. Mitigation includes using strong cryptographic algorithms and properly managing keys.
Server-Side Request Forgery (SSRF)
A vulnerability where the attacker can make the application send a crafted request to an unexpected destination. Mitigation includes validation of user input, not passing raw responses to interpreters, and restricting server request targets.
Directory Traversal
An HTTP exploit that allows attackers to access restricted directories and execute commands outside of the web server's root directory. Mitigation includes input validation, user access control, and use of chroot jails for file access.
Broken Access Control
Failure to implement proper restrictions on what authenticated users are allowed to do. Mitigation includes enforcing least privilege principles, using access control lists, and proper authentication checks before performing sensitive operations.
Broken Authentication
Occurs when attackers are able to compromise passwords, keys, or session tokens, or exploit other implementation flaws to assume users' identities. Mitigation includes multi-factor authentication, strong password policies, and secure session management.
Insufficient Logging & Monitoring
Inadequate logging of events and lack of monitoring systems that could detect or alert on malicious activities. Mitigation includes implementing comprehensive logging and real-time monitoring, along with incident response plans.
Use of Hardcoded Credentials
Inclusion of sensitive information like passwords or secret keys directly within source code. Mitigation includes using environment variables, secure vaults, or configuration files to handle credentials.
Man-in-the-Middle (MitM) Attack
Occurs when an attacker secretly relays or alters the communication between two parties who believe they are directly communicating with each other. Mitigation includes using HTTPS encryption, certificate pinning, and strong mutual authentication.
Cross-Site Scripting (XSS)
A type of injection where malicious scripts are injected into trusted websites. Mitigation includes using Content Security Policy, validating and sanitizing user input, and using appropriate response headers.
Session Hijacking
The exploitation of a valid computer session to gain unauthorized access to information or services in a computer system. Mitigation includes using HTTPS, secure cookies, and implementing proper session management.
Clickjacking
A technique where the attacker tricks a user into clicking on something different from what the user perceives. Mitigation includes using the X-Frame-Options header, framebusting scripts, and Content Security Policy (CSP).
Security Misconfiguration
Occurs when security settings are poorly defined, implemented, or maintained, for example left at insecure defaults. Mitigation includes regular reviews of security configurations and least privilege access policies.
Improper Error Handling
Revealing too much information to the users through error messages, which can lead to further exploitation. Mitigation includes configuring error handling to prevent stack traces from being displayed and implementing custom error pages.