Application-Based Attacks
  Injections
    SQL
    HTML
    Command
    Code
  Authentication
    Credential Brute Forcing
  Comments In Source Code
  Lack of Error Handling
  Overly Verbose Error Handling
  Hard-Coded Credentials
  Race Conditions
  Unauthorized Use of Functions/Unprotected APIs
  Hidden Elements
    Sensitive Information in the DOM
  Lack of Code Signing