- SQL/NoSQL Injection
- Cross-Site Scripting
- Cross-Site Request Forgery
- User Enumeration
- Missing Brute Force Protection
- Credentials over Unencrypted Communication Channel
- Authentication Bypass
- Sensitive Information Disclosure
- Server-Side Injection Attacks
- Response Manipulation
- Parameter Pollution/Mass Assignment
- Insecure Direct Object Reference