Expert reference for penetration testers. Explore vulnerability descriptions, impact analysis, remediation, and testing techniques.
Broken Access Control is the most prevalent and dangerous category of web application vulnerabilities, holding the #1 position in the OWASP Top 10 sin...
Security Misconfiguration is one of the most commonly encountered vulnerability categories in web application penetration testing. It encompasses a br...
Software Supply Chain Failures represent a growing and increasingly critical attack surface in modern web applications. This vulnerability category ad...
Cryptographic Failures, previously known as Sensitive Data Exposure, encompass all vulnerabilities related to the improper use or absence of cryptogra...
Injection vulnerabilities occur when an application sends untrusted data to an interpreter as part of a command or query without proper validation, sa...
Insecure Design is a vulnerability category that focuses on risks related to fundamental flaws in the application's architecture and design rather tha...
Identification and Authentication Failures encompass vulnerabilities that allow attackers to compromise user identities, authentication mechanisms, or...
Software and Data Integrity Failures occur when an application relies on software updates, critical data, or CI/CD pipelines without verifying their i...
Security Logging and Monitoring Failures represent the category of vulnerabilities where an application's inability to detect, record, and respond to ...
Server-Side Request Forgery (SSRF) occurs when an attacker can induce the server-side application to make HTTP requests to an arbitrary domain, IP add...
Outdated and unsupported software refers to operating systems, applications, firmware, and libraries that are no longer receiving security updates fro...
Weak and default credentials represent one of the most consistently exploited vulnerability classes in infrastructure security assessments. This vulne...
SMB (Server Message Block) signing is a security mechanism that adds a cryptographic signature to each SMB packet, ensuring message integrity and auth...
Insufficient network segmentation occurs when an organisation's network architecture fails to properly isolate systems, zones, and security domains fr...
Weak SSH (Secure Shell) configuration encompasses a range of security deficiencies in the deployment and configuration of SSH servers across infrastru...
Missing security patches refer to systems that have not been updated with vendor-released security fixes for known vulnerabilities. Unlike outdated so...
Simple Network Management Protocol (SNMP) is widely used for monitoring and managing network devices including routers, switches, firewalls, printers,...
Weak TLS (Transport Layer Security) and SSL (Secure Sockets Layer) configuration refers to the use of deprecated protocol versions, insecure cipher su...
Active Directory (AD) is the backbone of identity and access management in the vast majority of enterprise Windows environments. AD misconfigurations ...
Unnecessary network services exposed refers to systems running and exposing network-accessible services that are not required for their designated fun...
Broken Object Level Authorization (BOLA) is the most prevalent and critical API security vulnerability, consistently ranked as the top risk in the OWA...
Broken Authentication encompasses a broad class of vulnerabilities in API authentication mechanisms that allow attackers to compromise authentication ...
Excessive Data Exposure occurs when API endpoints return more data than the client application needs to function, relying on the client-side to filter...
Lack of Rate Limiting refers to the absence or inadequacy of controls that restrict the number and frequency of API requests a client can make within ...
Broken Function Level Authorization (BFLA) occurs when an API fails to enforce proper access controls on administrative or privileged function endpoin...
Mass Assignment is a vulnerability that occurs when an API endpoint automatically binds client-supplied request parameters to internal object properti...
Improper API Versioning refers to security weaknesses that arise from inadequate management of multiple API versions, including the failure to depreca...
Insufficient Logging and Monitoring refers to the failure to generate adequate audit trails for security-relevant API events and the absence of real-t...
Misconfigured Cloud Storage is one of the most common and impactful cloud security vulnerabilities, responsible for countless data breaches exposing b...
Insecure Identity and Access Management (IAM) Policies represent one of the most critical cloud security vulnerabilities, enabling attackers who gain ...
Exposed Cloud Metadata Services is a high-severity vulnerability that allows attackers to access the instance metadata service (IMDS) available on clo...
Insecure Serverless Functions encompass a range of vulnerabilities specific to Function-as-a-Service (FaaS) platforms such as AWS Lambda, Google Cloud...
Missing Cloud Logging and Monitoring refers to the failure to enable, configure, and actively monitor the logging and auditing capabilities provided b...
Overly Permissive Security Groups is a cloud network security vulnerability where virtual firewall rules (security groups in AWS, firewall rules in GC...
Insecure Data Storage is one of the most prevalent and impactful mobile application vulnerabilities, ranked consistently in the OWASP Mobile Top 10. T...
Insufficient Transport Layer Security in mobile applications refers to failures in implementing secure network communications, enabling attackers to i...
Insecure Authentication in mobile applications encompasses vulnerabilities in how mobile apps verify user identity, manage authentication sessions, an...
Hardcoded Secrets and API Keys is a critical mobile security vulnerability where sensitive credentials—API keys, encryption keys, OAuth client secrets...
Lack of Binary Protections refers to the absence of technical measures that protect mobile application binaries from reverse engineering, code analysi...
Default and Weak IoT Credentials is the most critical and widely exploited IoT security vulnerability, responsible for the recruitment of millions of ...
Insecure Firmware Updates is a high-severity IoT vulnerability encompassing flaws in how IoT devices receive, validate, and apply firmware updates. Fi...
Lack of IoT Network Segmentation refers to the deployment of IoT devices on the same network segments as critical business systems, sensitive data sto...
Insecure IoT Communication Protocols is a high-severity vulnerability category covering the use of unencrypted, unauthenticated, or weakly-secured com...