1. Injection flaws:
SQL, OS, and LDAP injection are examples of injection flaws. An injection flaw occurs when untrusted data is sent to an interpreter as part of a command or query; the attacker's crafted data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
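The point above, that an interpreter cannot tell data from command once they are spliced into one string, is easiest to see side by side. The following is an added example, not code from the original page: it builds a constructed in-memory SQLite table, runs the same lookup once with string formatting and once with a bound parameter, and feeds both the textbook tautology input so the difference shows in what each returns. The table, the names and the function names are all assumptions made for the demonstration.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    # Constructed sample data standing in for the application's user table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list[str]:
    # Vulnerable: the untrusted value becomes part of the query text, so the
    # SQL interpreter cannot tell where the data ends and the command begins.
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_safe(conn: sqlite3.Connection, name: str) -> list[str]:
    # Fixed: the value is bound as a parameter and is only ever treated as data.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


def demo() -> dict:
    conn = setup_db()
    # The classic tautology input; a regression test for the fix should keep it.
    tautology = "' OR '1'='1"
    return {
        "unsafe": lookup_unsafe(conn, tautology),  # every row comes back
        "safe": lookup_safe(conn, tautology),      # no user has that literal name
        "normal": lookup_safe(conn, "alice"),      # ordinary lookups still work
    }
```

Parameter binding is the fix; escaping or filtering quotes in application code is brittle because each interpreter (SQL dialect, shell, LDAP) has its own metacharacters.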
2. Broken authentication:
When authentication functions are implemented incorrectly, attackers can compromise keys or passwords and use them to exploit the user's details.
3. Cross-site scripting:
When an application sends untrusted data to the web browser without proper validation or escaping, cross-site scripting lets attackers run scripts in the victim's browser, which can deface the website, steal the user's session, or redirect the user to malicious sites.
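The defence the paragraph alludes to is output encoding: untrusted text must be encoded for the context it is inserted into before it reaches the browser. The following is an added example, not code from the original page, using Python's standard `html.escape`; the comment-rendering functions and the constructed sample input are assumptions for the demonstration.

```python
import html


def render_comment_unsafe(comment: str) -> str:
    # Vulnerable: untrusted text is dropped straight into the markup, so any
    # tags it contains are parsed and executed by the browser.
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment: str) -> str:
    # Fixed: encode the HTML-significant characters (& < > " ') so the browser
    # displays the text instead of interpreting it. This covers element content
    # and double-quoted attribute values only; JavaScript, URL and CSS contexts
    # need their own encoders.
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def contains_live_script(fragment: str) -> bool:
    # Helper for the check below: does the fragment still carry a raw <script tag?
    return "<script" in fragment.lower()


# Constructed probe input of the kind a tester would submit to a comment form.
SAMPLE = "<script>alert('xss')</script>"
```

A useful detection-side check is exactly `contains_live_script` run over rendered output in tests: the unsafe renderer keeps the tag intact, the safe one turns it into inert `&lt;script&gt;` text.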
4. Insecure Direct Object Reference:
When a developer exposes a reference to an internal implementation object, such as a file or directory, without proper access control, attackers can manipulate that reference to access unauthorized data.
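The missing protection in an insecure direct object reference is an authorization check tied to the current user, not hiding the identifier. The following is an added example, not code from the original page: a constructed invoice store is looked up first by id alone and then by id plus owner. The `Invoice` type, the store and the user names are assumptions for the demonstration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    total: float


# Constructed records standing in for a database table.
INVOICES = {
    101: Invoice(101, "alice", 40.0),
    102: Invoice(102, "bob", 99.5),
}


def get_invoice_unsafe(invoice_id: int) -> Optional[Invoice]:
    # Vulnerable: the id taken from the request is the only input to the
    # lookup, so whoever can guess an id can read the record behind it.
    return INVOICES.get(invoice_id)


def get_invoice_safe(current_user: str, invoice_id: int) -> Optional[Invoice]:
    # Fixed: the record must both exist and belong to the authenticated user.
    # "Missing" and "not yours" return the same result so that ids cannot be
    # enumerated by telling the two cases apart.
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.owner != current_user:
        return None
    return invoice


def can_access(current_user: str, invoice_id: int) -> bool:
    # Convenience wrapper so the access decision can be asserted on directly.
    return get_invoice_safe(current_user, invoice_id) is not None
```

In a real application the ownership condition belongs in the query itself (`WHERE id = ? AND owner_id = ?`) so that every code path reading the object goes through the same check.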
5. Sensitive Data Exposure:
Some web applications do not protect sensitive data properly, such as credit card details, usernames, and passwords. Attackers can steal these details and misuse the user's credentials, so sensitive data needs strong protection such as encryption.