Vulnerable Labs
A controlled environment to explore web vulnerabilities and learn secure coding practices. Only experiment within this sandbox.
Broken Access Control
Users can access resources or functions they shouldn’t. Exploits may let attackers view, modify, or delete data without permission.
Cryptographic Failures
Sensitive data (passwords, credit cards, personal info) isn't properly encrypted or protected, making it easy to steal or manipulate.
SQL Injection Lab
Malicious data (e.g., SQL, NoSQL, OS commands) is sent to an interpreter, allowing attackers to manipulate queries or execute commands.
Insecure Design
Security weaknesses result from poor architecture or lack of secure design patterns, leaving systems vulnerable by default.
Security Misconfigurations
Improperly configured servers, databases, or frameworks expose sensitive data or functionality unintentionally.
Vulnerable and Outdated Components
Using old or unpatched libraries, frameworks, or software introduces known exploits into the application.
Identification and Authentication Failures
Flaws in login, password management, or session handling let attackers impersonate users or escalate privileges.
Software and Data Integrity Failures
Applications rely on unverified or tampered code and data (e.g., CI/CD pipelines, deserialization issues), risking compromise.
Security Logging and Monitoring Failures
Insufficient logging and monitoring make it difficult to detect attacks, respond to incidents, or conduct forensic analysis.
Server-Side Request Forgery
Attackers trick the server into making requests to unintended internal or external resources, potentially exposing sensitive systems.