- SQL Injection
- Command Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities
- Broken Access Control
- Security Misconfiguration
- Cross Site Scripting
- Insecure Deserialization
- Using Components with known vulnerabilities
- Insufficient logging & monitoring