| Priority | OWASP Top Ten + Bugcrowd Extras | Specific Vulnerability Name | Variant or Affected Function |
|---|---|---|---|
| P1 | Server Security Misconfiguration | Using Default Credentials | |
| P1 | Server-Side Injection | File Inclusion | Local |
| P1 | Server-Side Injection | Remote Code Execution (RCE) | |
| P1 | Server-Side Injection | SQL Injection | |
| P1 | Server-Side Injection | XML External Entity Injection (XXE) | |
| P1 | Broken Authentication and Session Management | Authentication Bypass | |
| P1 | Sensitive Data Exposure | Critically Sensitive Data | Password Disclosure |
| P1 | Sensitive Data Exposure | Critically Sensitive Data | Private API Keys |
| P1 | Insecure OS/Firmware | Command Injection | |
| P1 | Insecure OS/Firmware | Hardcoded Password | Privileged User |
| P1 | Broken Cryptography | Cryptographic Flaw | Incorrect Usage |
| P2 | Server Security Misconfiguration | Misconfigured DNS | High Impact Subdomain Takeover |
| P2 | Server Security Misconfiguration | OAuth Misconfiguration | Account Takeover |
| P2 | Cross-Site Scripting (XSS) | Stored | Non-Privileged User to Anyone |
| P2 | Broken Access Control (BAC) | Server-Side Request Forgery (SSRF) | Internal High Impact |
| P2 | Cross-Site Request Forgery (CSRF) | Application-Wide | |
| P2 | Application-Level Denial-of-Service (DoS) | Critical Impact and/or Easy Difficulty | |
| P3 | Server Security Misconfiguration | Mail Server Misconfiguration | No Spoofing Protection on Email Domain |
| P3 | Server-Side Injection | HTTP Response Manipulation | Response Splitting (CRLF) |
| P3 | Server-Side Injection | Content Spoofing | iframe Injection |
| P3 | Broken Authentication and Session Management | Second Factor Authentication (2FA) Bypass | |
| P3 | Broken Authentication and Session Management | Weak Login Function | HTTPS not Available or HTTP by Default |
| P3 | Broken Authentication and Session Management | Session Fixation | Remote Attack Vector |
| P3 | Sensitive Data Exposure | EXIF Geolocation Data Not Stripped From Uploaded Images | Automatic User Enumeration |
| P3 | Cross-Site Scripting (XSS) | Stored | Privileged User to Privilege Elevation |
| P3 | Cross-Site Scripting (XSS) | Stored | CSRF/URL-Based |
| P3 | Cross-Site Scripting (XSS) | Reflected | Non-Self |
| P3 | Broken Access Control (BAC) | Server-Side Request Forgery (SSRF) | Internal Scan and/or Medium Impact |
| P3 | Application-Level Denial-of-Service (DoS) | High Impact and/or Medium Difficulty | |
| P3 | Client-Side Injection | Binary Planting | Default Folder Privilege Escalation |
| P4 | Server Security Misconfiguration | Misconfigured DNS | Zone Transfer |
| P4 | Server Security Misconfiguration | Mail Server Misconfiguration | Email Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain |
| P4 | Server Security Misconfiguration | Database Management System (DBMS) Misconfiguration | Excessively Privileged User / DBA |
| P4 | Server Security Misconfiguration | Lack of Password Confirmation | Delete Account |
| P4 | Server Security Misconfiguration | No Rate Limiting on Form | Registration |
| P4 | Server Security Misconfiguration | No Rate Limiting on Form | Login |
| P4 | Server Security Misconfiguration | No Rate Limiting on Form | Email-Triggering |
| P4 | Server Security Misconfiguration | No Rate Limiting on Form | SMS-Triggering |
| P4 | Server Security Misconfiguration | Missing Secure or HTTPOnly Cookie Flag | Session Token |
| P4 | Server Security Misconfiguration | Clickjacking | Sensitive Click-Based Action |
| P4 | Server Security Misconfiguration | CAPTCHA | Implementation Vulnerability |
| P4 | Server Security Misconfiguration | Lack of Security Headers | Cache-Control for a Sensitive Page |
| P4 | Server Security Misconfiguration | Web Application Firewall (WAF) Bypass | Direct Server Access |
| P4 | Server-Side Injection | Content Spoofing | External Authentication Injection |
| P4 | Server-Side Injection | Content Spoofing | Email HTML Injection |
| P4 | Broken Authentication and Session Management | Cleartext Transmission of Session Token | |
| P4 | Broken Authentication and Session Management | Weak Login Function | Other Plaintext Protocol with no Secure Alternative |
| P4 | Broken Authentication and Session Management | Weak Login Function | LAN Only |
| P4 | Broken Authentication and Session Management | Weak Login Function | HTTP and HTTPS Available |
| P4 | Broken Authentication and Session Management | Failure to Invalidate Session | On Logout (Client and Server-Side) |
| P4 | Broken Authentication and Session Management | Failure to Invalidate Session | On Password Reset and/or Change |
| P4 | Broken Authentication and Session Management | Weak Registration Implementation | Over HTTP |
| P4 | Sensitive Data Exposure | EXIF Geolocation Data Not Stripped From Uploaded Images | Manual User Enumeration |
| P4 | Sensitive Data Exposure | Visible Detailed Error/Debug Page | Detailed Server Configuration |
| P4 | Sensitive Data Exposure | Token Leakage via Referer | Untrusted 3rd Party |
| P4 | Sensitive Data Exposure | Token Leakage via Referer | Over HTTP |
| P4 | Sensitive Data Exposure | Sensitive Token in URL | User Facing |
| P4 | Sensitive Data Exposure | Weak Password Reset Implementation | Password Reset Token Sent Over HTTP |
| P4 | Cross-Site Scripting (XSS) | Stored | Privileged User to No Privilege Elevation |
| P4 | Cross-Site Scripting (XSS) | Flash-Based | |
| P4 | Cross-Site Scripting (XSS) | IE-Only | IE11 |
| P4 | Cross-Site Scripting (XSS) | Referer | |
| P4 | Cross-Site Scripting (XSS) | Universal (UXSS) | |
| P4 | Cross-Site Scripting (XSS) | Off-Domain | Data URI |
| P4 | Broken Access Control (BAC) | Server-Side Request Forgery (SSRF) | External |
| P4 | Broken Access Control (BAC) | Username Enumeration | Data Leak |
| P4 | Unvalidated Redirects and Forwards | Open Redirect | GET-Based |
| P4 | Insufficient Security Configurability | No Password Policy | |
| P4 | Insufficient Security Configurability | Weak Password Reset Implementation | Token is Not Invalidated After Use |
| P4 | Using Components with Known Vulnerabilities | Rosetta Flash | |
| P4 | Insecure Data Storage | Sensitive Application Data Stored Unencrypted | On External Storage |
| P4 | Insecure Data Storage | Server-Side Credentials Storage | Plaintext |
| P4 | Insecure Data Transport | Executable Download | No Secure Integrity Check |
| P4 | Privacy Concerns | Unnecessary Data Collection | WiFi SSID+Password |
| P4 | Mobile Security Misconfiguration | Clipboard Enabled | On Sensitive Content |
| P4 | Server Security Misconfiguration | Directory Listing Enabled | Non-Sensitive Data Exposure |
| P5 | Server Security Misconfiguration | Same-Site Scripting | |
| P5 | Server Security Misconfiguration | Misconfigured DNS | Missing Certification Authority Authorization (CAA) Record |
| P5 | Server Security Misconfiguration | Mail Server Misconfiguration | Email Spoofing to Spam Folder |
| P5 | Server Security Misconfiguration | Mail Server Misconfiguration | Missing or Misconfigured SPF and/or DKIM |
| P5 | Server Security Misconfiguration | Lack of Password Confirmation | Change Email Address |
| P5 | Server Security Misconfiguration | Lack of Password Confirmation | Change Password |
| P5 | Server Security Misconfiguration | Lack of Password Confirmation | Manage 2FA |
| P5 | Server Security Misconfiguration | Unsafe File Upload | No Antivirus |
| P5 | Server Security Misconfiguration | Unsafe File Upload | No Size Limit |
| P5 | Server Security Misconfiguration | Unsafe File Upload | File Extension Filter Bypass |
| P5 | Server Security Misconfiguration | Cookie Scoped to Parent Domain | |
| P5 | Server Security Misconfiguration | Missing Secure or HTTPOnly Cookie Flag | Non-Session Cookie |
| P5 | Server Security Misconfiguration | Clickjacking | Form Input |
| P5 | Server Security Misconfiguration | Clickjacking | Non-Sensitive Action |
| P5 | Server Security Misconfiguration | CAPTCHA | Brute Force |
| P5 | Server Security Misconfiguration | CAPTCHA | Missing |
| P5 | Server Security Misconfiguration | Exposed Admin Portal | To Internet |
| P5 | Server Security Misconfiguration | Missing DNSSEC | |
| P5 | Server Security Misconfiguration | Fingerprinting/Banner Disclosure | |
| P5 | Server Security Misconfiguration | Username Enumeration | Brute Force |
| P5 | Server Security Misconfiguration | Potentially Unsafe HTTP Method Enabled | OPTIONS |
| P5 | Server Security Misconfiguration | Potentially Unsafe HTTP Method Enabled | TRACE |
| P5 | Server Security Misconfiguration | Insecure SSL | Lack of Forward Secrecy |
| P5 | Server Security Misconfiguration | Insecure SSL | Insecure Cipher Suite |
| P5 | Server Security Misconfiguration | Insecure SSL | Certificate Error |
| P5 | Server Security Misconfiguration | Reflected File Download (RFD) | |
| P5 | Server Security Misconfiguration | Lack of Security Headers | X-Frame-Options |
| P5 | Server Security Misconfiguration | Lack of Security Headers | Cache-Control for a Non-Sensitive Page |
| P5 | Server Security Misconfiguration | Lack of Security Headers | X-XSS-Protection |
| P5 | Server Security Misconfiguration | Lack of Security Headers | Strict-Transport-Security |
| P5 | Server Security Misconfiguration | Lack of Security Headers | X-Content-Type-Options |
| P5 | Server Security Misconfiguration | Lack of Security Headers | Content-Security-Policy |
| P5 | Server Security Misconfiguration | Lack of Security Headers | Public-Key-Pins |
| P5 | Server Security Misconfiguration | Lack of Security Headers | X-Content-Security-Policy |
| P5 | Server Security Misconfiguration | Lack of Security Headers | X-Webkit-CSP |
| P5 | Server Security Misconfiguration | Lack of Security Headers | Content-Security-Policy-Report-Only |