
Common Vulnerabilities

The most common application security vulnerabilities are catalogued in the OWASP Top 10. A second reference list is the CWE Top 25. Both lists are updated regularly, and entries can be re-ordered, removed, or added between editions.

Example of the OWASP Application Top 10:

  1. Broken Access Control
  2. Cryptographic Failures
  3. Injection
  4. Insecure Design
  5. Security Misconfiguration
  6. Vulnerable and Outdated Components
  7. Identification and Authentication Failures
  8. Software and Data Integrity Failures
  9. Security Logging and Monitoring Failures
  10. Server-Side Request Forgery (SSRF)

Example of the OWASP API Top 10:

  1. Broken Object Level Authorization
  2. Broken Authentication
  3. Broken Object Property Level Authorization
  4. Unrestricted Resource Consumption
  5. Broken Function Level Authorization
  6. Unrestricted Access to Sensitive Business Flows
  7. Server Side Request Forgery
  8. Security Misconfiguration
  9. Improper Inventory Management
  10. Unsafe Consumption of APIs
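The first entries in both lists (Broken Access Control in the application list; Broken Object Level Authorization and Broken Object Property Level Authorization in the API list) share one root cause: the server authenticates the caller but never checks that the caller is allowed to touch the specific object, or the specific field, named in the request. The following is an added example, not code from OWASP or from this page: a constructed in-memory invoice store with a vulnerable and a hardened handler for reading an invoice (object level) and for updating one (property level). Names such as `INVOICES`, `get_invoice_hardened` and `WRITABLE_FIELDS` are assumptions for illustration.

```python
"""Object-level and property-level authorization, vulnerable vs. hardened.

Constructed example (not from the page): a toy invoice store and handlers for
GET /invoices/{id} and PATCH /invoices/{id}. The `user` argument stands for the
identity established by the session; `invoice_id` and `patch` come from the client.
"""
from dataclasses import dataclass
from typing import Any, Dict, Optional


@dataclass
class Invoice:
    invoice_id: int
    owner: str
    amount_cents: int
    note: str = ""


# Constructed sample data: two tenants, each owning their own invoices.
INVOICES: Dict[int, Invoice] = {
    1001: Invoice(1001, "alice", 12_500),
    1002: Invoice(1002, "alice", 3_200),
    2001: Invoice(2001, "bob", 99_000),
}


@dataclass
class Response:
    status: int
    body: Optional[Dict[str, Any]] = None


def _serialize(inv: Invoice) -> Dict[str, Any]:
    return {"id": inv.invoice_id, "owner": inv.owner,
            "amount_cents": inv.amount_cents, "note": inv.note}


def get_invoice_vulnerable(user: str, invoice_id: int) -> Response:
    """Broken Object Level Authorization: the caller is logged in, but the handler
    never compares the record's owner with the caller, so any authenticated user
    who supplies another tenant's id receives that tenant's invoice."""
    inv = INVOICES.get(invoice_id)
    if inv is None:
        return Response(404)
    return Response(200, _serialize(inv))


def get_invoice_hardened(user: str, invoice_id: int) -> Response:
    """Hardened: the authorization decision is made server-side against the stored
    owner, using the session identity only. 'Missing' and 'not yours' both yield
    404 so the response does not confirm that someone else's object exists."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner != user:
        return Response(404)
    return Response(200, _serialize(inv))


# Property level: an explicit allow-list of fields a client may write.
WRITABLE_FIELDS = frozenset({"note"})


def update_invoice_vulnerable(user: str, invoice_id: int, patch: Dict[str, Any]) -> Response:
    """Broken Object Property Level Authorization (mass assignment): every key the
    client sends is bound onto the record, including owner and amount; there is
    also no ownership check, so the object-level flaw is repeated here."""
    inv = INVOICES.get(invoice_id)
    if inv is None:
        return Response(404)
    for field, value in patch.items():
        setattr(inv, field, value)
    return Response(200, _serialize(inv))


def update_invoice_hardened(user: str, invoice_id: int, patch: Dict[str, Any]) -> Response:
    """Hardened: ownership is checked first, then any field outside the allow-list
    rejects the whole request instead of being silently dropped or applied."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner != user:
        return Response(404)
    rejected = set(patch) - WRITABLE_FIELDS
    if rejected:
        return Response(400, {"error": "field not writable", "fields": sorted(rejected)})
    for field, value in patch.items():
        setattr(inv, field, value)
    return Response(200, _serialize(inv))


if __name__ == "__main__":
    # bob reads alice's invoice: 200 from the vulnerable handler, 404 from the hardened one
    print(get_invoice_vulnerable("bob", 1001).status, get_invoice_hardened("bob", 1001).status)
    # bob tries to rewrite the amount on his own invoice: rejected with 400
    print(update_invoice_hardened("bob", 2001, {"amount_cents": 1}).status)
```

The hardened handlers show the two checks a reviewer looks for in every object-addressing endpoint: the owner comparison happens on the server against stored data (never against an owner id the client sends), and writable properties are an allow-list, not a deny-list. Rejecting unknown fields with 400 rather than ignoring them also makes probing attempts visible in application logs.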

Tools

There are tools that can help you uncover common vulnerabilities in the software you develop. Perhaps the best known are the products from Sonar. SonarQube, for instance, supports the concept of Clean Code and provides scanners that analyse source code during the build process. It integrates with CI/CD tools as well as with development IDEs, and it includes checks for the common vulnerabilities listed in the OWASP and CWE catalogues.


OWASP: The Open Worldwide Application Security Project is a nonprofit foundation that works to improve the security of software.

CWE: The Common Weakness Enumeration is a community-developed list of common software and hardware weakness types that could have security ramifications.