Vulnerabilities: - Numan Rajkotiya

The document lists various types of security misconfigurations that could impact websites and web applications, including issues related to default credentials, DNS settings, OAuth, redirects, email settings, mail servers, databases, access controls, SSL, mobile security, network security, cookies, captchas, brute force protection, and server-side features.

Uploaded by rnd
Server Security Misconfiguration
- Using Default Credentials
- Misconfigured DNS: Subdomain Takeover; Zone Transfer; Missing Certification Authority Authorization (CAA) Record
- OAuth Misconfiguration: Account Takeover; Missing/Broken State Parameter; Insecure Redirect URI
- Mail Server Misconfiguration: Missing SPF on Email Domain; Email Spoofable Via Third-Party API Misconfiguration; Missing SPF on Non-Email Domain; SPF Uses a Soft Fail; SPF Includes More Than 10 Lookups; Missing DKIM/DMARC
- Database Management System (DBMS) Misconfiguration: Excessively Privileged User / DBA
- Lack of Password Confirmation: Delete Account; Change Email Address; Change Password; Manage 2FA
- No Rate Limiting on Form: Registration; Login; Email-Triggering
- Missing Secure or HTTPOnly Cookie Flag: Session Token; Non-Session Cookie
- Clickjacking: Sensitive Action; Non-Sensitive Action
- Captcha Bypass: Implementation Vulnerability; Brute Force; Crowdsourcing; OCR (Optical Character Recognition)
- Lack of Security Headers: Cache-Control for a Sensitive Page; X-Frame-Options; Cache-Control for a Non-Sensitive Page; X-XSS-Protection; Strict-Transport-Security; X-Content-Type-Options; Content-Security-Policy; Public-Key-Pins; X-Content-Security-Policy; X-Webkit-CSP; Content-Security-Policy-Report-Only
- Directory Listing Enabled: Sensitive Data Exposure; Non-Sensitive Data Exposure
- Unsafe File Upload: No Antivirus; No Size Limit; File Extension Filter Bypass
- Exposed Admin Portal: To Internet
- Fingerprinting/Banner Disclosure
- Potentially Unsafe HTTP Method Enabled: OPTIONS; TRACE
- Using Components with Known Vulnerabilities: Rosetta Flash; Outdated Software Version
- Insecure SSL: Lack of Forward Secrecy; Insecure Cipher Suite
- SSL Attack (BREACH, POODLE etc.)
- Unsafe Cross-Origin Resource Sharing
- Path Traversal
- Reflected File Download (RFD)
- Bitsquatting
- Same-Site Scripting

Mobile Security Misconfiguration
- SSL Certificate Pinning: Absent; Defeatable
- Lack of Exploit Mitigations
- Lack of Jailbreak Detection
- Lack of Obfuscation: Runtime Instrumentation-Based
- Lack of Binary Hardening
- Tapjacking

Network Security Misconfiguration
- Telnet Enabled

Client-Side Injection
- Binary Planting: Default Folder Privilege Escalation; Non-Default Folder Privilege Escalation; No Privilege Escalation

External Behavior
- Browser Feature: Plaintext Password Field; Save Password; Autocomplete Enabled; Autocorrect Enabled; Aggressive Offline Caching
- CSV Injection
- System Clipboard Leak: Shared Links
- User Password Persisted in Memory

Privacy Concerns
- Unnecessary Data Collection: WiFi SSID+Password

Insecure Data Transport
- Cleartext Transmission of Sensitive Data
- Executable Download: No Secure Integrity Check; Secure Integrity Check

Insecure Data Storage
- Sensitive Application Data Stored Unencrypted: On External Storage; On Internal Storage
- Non-Sensitive Application Data Stored Unencrypted
- Server-Side Credentials Storage: Plaintext
- Screen Caching Enabled

Server-Side Injection
- File Inclusion: Local
- Remote Code Execution (RCE)
- SQL Injection
- XML External Entity Injection (XXE)
- HTTP Response Manipulation: Response Splitting (CRLF)
- Content Spoofing: iframe Injection; External Authentication Injection; Email HTML Injection; Text Injection; Homograph/IDN-Based; Right-to-Left Override (RTLO)
- Parameter Pollution: Social Media Sharing Buttons

Insufficient Security Configurability
- Weak Password Policy
- No Password Policy
- Lack of Verification Email
- Lack of Notification Email
- Weak Registration Implementation: Allows Disposable Email Addresses
- Weak 2FA Implementation: Missing Failsafe

Unvalidated Redirects and Forwards
- Open Redirect: GET-Based; POST-Based; Header-Based
- Tabnabbing
- Lack of Security Speed Bump Page

Broken Authentication and Session Management
- Authentication Bypass
- Weak Login Function: Other Plaintext Protocol with no Secure Alternative; LAN Only; Not Operational or Intended Public Access; HTTPS not Available or HTTP by Default; HTTP and HTTPS Available
- Session Fixation
- Failure to Invalidate Session: On Logout (Client and Server-Side); On Logout (Server-Side Only); On Password Reset and/or Change; On Email Change; Concurrent Sessions On Logout; Long Timeout
- Weak Registration Implementation: Over HTTP
- Weak Password Reset Implementation: Token is Not Invalidated After Use; Token Has Long Timed Expiry; Token is Not Invalidated After Email Change; Token is Not Invalidated After Password Change; Token is Not Invalidated After New Token is Requested; Token is Not Invalidated After Login
- Concurrent Logins

Application-Level Denial-of-Service (DoS)
- Critical Impact and/or Easy Difficulty
- High Impact and/or Medium Difficulty
- App Crash: Malformed Android Intents; Malformed iOS URL Schemes

Cross-Site Request Forgery (CSRF)
- Application-Wide
- Action-Specific: Authenticated Action; Unauthenticated Action; Logout

Broken Access Control (BAC)
- Server-Side Request Forgery (SSRF): Internal; External
- Privilege Escalation
- Username Enumeration: Data Leak; Brute Force
- Insecure Direct Object References (IDOR)
- Exposed Sensitive Android Intent
- Exposed Sensitive iOS URL Scheme

Sensitive Data Exposure
- Critically Sensitive Data: Password Disclosure; Private API Keys
- EXIF Geolocation Data Not Stripped From Uploaded Images: Automatic User Enumeration; Manual User Enumeration
- Visible Detailed Error/Debug Page: Full Path Disclosure; Descriptive Stack Trace; Detailed Server Configuration
- Token Leakage via Referer: Untrusted 3rd Party; Trusted 3rd Party; Over HTTP
- Sensitive Token in URL: User Facing; In the Background; On Password Reset
- Weak Password Reset Implementation: Password Reset Token Sent Over HTTP
- Disclosure of Known Public Information
- Non-Sensitive Token in URL
- Mixed Content (HTTPS Sourcing HTTP)
- Sensitive Data Hardcoded: OAuth Secret; File Paths
- Internal IP Disclosure
- JSON Hijacking
- Cross Site Script Inclusion (XSSI)

Cross-Site Scripting (XSS)
- Stored: Non-Admin to Anyone; Admin to Anyone; CSRF/URL-Based; Self
- Reflected: Non-Self; Self
- Cookie-Based
- IE-Only: IE11; XSS Filter Disabled; Older Version (< IE11)
- Referer
- Universal (UXSS)
- Off-Domain: Data URI
- TRACE Method

Broken Cryptography
- Cryptographic Flaw: Incorrect Usage

Insecure OS/Firmware
- Command Injection: Privileged User; Non-Privileged User
- Hardcoded Password: Privileged User; Non-Privileged User
