Broken Authentication -> Unencrypted Communication If the application allows users to connect to it over unencrypted connections (HTTP), an attacker suitably positioned to view a legitimate user’s n...
Broken Authentication -> Forgot Password - Bad Questions
Broken Authentication -> Forgot Password - Bad Questions A security question is a form of shared secret used as an authenticator. It is used as an extra security layer. Exploitation This weba...
Session hijacking -> Predictable session token
Session hijacking : Predictable session token A session prediction attack focuses on predicting session ID values that permit an attacker to bypass the authentication scheme of an application. By an...
Broken Authentication -> Bruteforce
Broken Authentication : Bruteforce A brute force attack uses trial and error to guess login credentials or encryption keys, or to find a hidden web page. Hackers work through all possible combinations hoping ...
Broken Access Control -> IDOR -> Order
Broken Access Control: IDOR -> Order Insecure Direct Object References (IDOR) occur when an application provides direct access to objects based on user-supplied input. It allows attackers to by...
Broken Access Control -> IDOR -> Access File
Broken Access Control: IDOR -> Access File Insecure Direct Object References (IDOR) occur when an application provides direct access to objects based on user-supplied input. It allows attackers...
Broken Access Control -> IDOR -> View Profile
Broken Access Control: IDOR -> View Profile Insecure Direct Object References (IDOR) occur when an application provides direct access to objects based on user-supplied input. It allows attacker...
Broken Access Control -> MFLAC
Broken Access Control: Missing Function Level Access Control (MFLAC) A missing function level authorization vulnerability occurs when there are insufficient authorization checks for sensiti...
XXE - XML External Entity
XXE - XML External Entity An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entit...
Open Redirection
Open Redirection Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL w...