Pick a vulnerability to learn about
SQL Injection
SQL injection is a type of injection attack in which attackers can run arbitrary commands against your database.
Cross-Site Scripting
If your site allows users to add content, you need to be sure that attackers cannot inject malicious JavaScript.
Command Execution
If your application calls out to the OS, you need to be sure command strings are securely constructed.
Clickjacking
As an application author, you need to be sure your users aren't having their clicks stolen by attackers.
Cross-Site Request Forgery
If an attacker can forge HTTP requests to your site, they may be able to trick your users into triggering unintended actions.
Directory Traversal
Ensure file paths are safely interpreted, or hackers can access sensitive files on your server.
Reflected XSS
When building a website, you need to be sure you do not accidentally create a channel that allows malicious JavaScript to be bounced off your server.
DOM-based XSS
If you make use of URI fragments in your site, you need to ensure they cannot be abused to inject malicious JavaScript.
File Upload Vulnerabilities
File uploads are an easy way for an attacker to inject malicious code into your application.
Broken Access Control
All resources on your site need to have access control implemented, even if they aren't intended to be discoverable by a user.
Open Redirects
Most web applications make use of redirects. If your site forwards to URLs supplied in a query string, you could be enabling phishing attacks.
Unencrypted Communication
Insufficient encryption can make you vulnerable to monster-in-the-middle attacks.