1. Insecure Interaction Between Components
    1. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    2. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    3. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    4. Unrestricted Upload of File with Dangerous Type
    5. Cross-Site Request Forgery (CSRF)
    6. URL Redirection to Untrusted Site ('Open Redirect')
2. Risky Resource Management
    1. Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    2. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    3. Download of Code Without Integrity Check
    4. Inclusion of Functionality from Untrusted Control Sphere
    5. Use of Potentially Dangerous Function
    6. Incorrect Calculation of Buffer Size
    7. Uncontrolled Format String
    8. Integer Overflow or Wraparound
3. Porous Defenses
    1. Missing Authentication for Critical Function
    2. Missing Authorization
    3. Use of Hard-coded Credentials
    4. Missing Encryption of Sensitive Data
    5. Reliance on Untrusted Inputs in a Security Decision
    6. Execution with Unnecessary Privileges
    7. Incorrect Authorization
    8. Incorrect Permission Assignment for Critical Resource
    9. Use of a Broken or Risky Cryptographic Algorithm
    10. Improper Restriction of Excessive Authentication Attempts
    11. Use of a One-Way Hash without a Salt