Vulnerabilities

 Race conditions

 Overflows

  Buffer

  Integer

 Broken authentication

 Unsecure references

 Poor exception handling

 Security misconfiguration

 Improper headers

 Information disclosure

 Certificate errors

 Weak cryptography implementations

 Weak ciphers

 Weak cipher suite implementations

 Software composition analysis

 Use of vulnerable frameworks and software modules

 Use of unsafe functions

 Third-party libraries

  Dependencies

  Code injections/malicious changes

  End of support/end of life

  Regression issues

Inherently vulnerable system/application

 Client-side processing vs. server-side processing

 JSON/representational state transfer (REST)

 Browser extensions

  Flash

  ActiveX

 Hypertext Markup Language 5 (HTML5)

 Asynchronous JavaScript and XML (AJAX)

 Simple Object Access Protocol (SOAP)

 Machine code vs. bytecode or interpreted vs. emulated

Attacks

 Directory traversal

 Cross-site scripting (XSS)

 Cross-site request forgery (CSRF)

 Injection

  XML

  LDAP

  Structured Query Language (SQL)

  Command

  Process

 Sandbox escape

 Virtual machine (VM) hopping

 VM escape

 Border Gateway Protocol (BGP)/route hijacking

 Interception attacks

 Denial-of-service (DoS)/DDoS

 Authentication bypass

 Social engineering

 VLAN hopping