|
|
| A2 - Broken Authentication and Session Management | A2 - Broken Authentication | A2 - Broken Authentication |
| A3 - Cross-Site Scripting (XSS) | A3 - Sensitive Data Exposure | A3 - Cross site scripting (XSS) |
| A4 - Insecure Direct Object References | A4 - XML External Entities (XXE) | A4 - Sensitive Data Exposure |
| A5 - Security Misconfiguration | A5 - Broken Access Control [merged] | A5 - Insecure deserialization |
| A6 - Sensitive Data Exposure | A6 - Security Misconfiguration | A6 - Broken access control |
| A7 - Missing Function Level Access Control | A7 - Cross Site Scripting (XSS) | A7 - Insufficient logging and monitoring |
| A8 - Cross-Site Request Forgery (CSRF) | A8 - Insecure Deserialization | A8 - Server Side Request Forgery |
| A9 - Using Known Vulnerable Components | A9 - Using Components with Known Vulnerabilities | A9 - Using components with known vulnerabilities |
| A10 - Unvalidated Redirects and Forwards | A10 - Insufficient Logging & Monitoring | A10 - Security misconfigurations |