Security Tests Coverage

| Test case | Category |
| --- | --- |
| [BL001] User data leakage to other users - Resource-ID authorization | Business Logic |
| [BL002] User data leakage to other users - User-ID authorization | Business Logic |
| [BL003] User data leakage to other users - Resource-ID and User-ID authorization | Business Logic |
| [BL004] User data leakage to other users - credentials authorization | Business Logic |
| [BL005] User data manipulation by other users - Resource-ID authorization | Business Logic |
| [BL006] User data manipulation by other users - User-ID authorization | Business Logic |
| [BL007] User data manipulation by other users - Resource-ID and User-ID authorization | Business Logic |
| [BL008] User data manipulation by other users - credentials authorization | Business Logic |
| [BL009] Guessable resource identifier | Business Logic |
| [INJ001] SQL Injection | Injections |
| [INJ002] MS-SQL Injection | Injections |
| [INJ003] MySQL Injection | Injections |
| [INJ004] SQLite Injection | Injections |
| [INJ005] PostgreSQL Injection | Injections |
| [INJ006] NoSQL Injection | Injections |
| [INJ007] Command Injection | Injections |
| [INJ008] Server-side template injection | Injections |
| [AB001] Ignored authentication token | Authentication bypass |
| [AB002] No signature validation in JWT | Authentication bypass |
| [AB003] JWT hashed without secret | Authentication bypass |
| [AB004] No signature in JWT | Authentication bypass |
| [AB005] Unsigned JWT | Authentication bypass |
| [MA001] Mass assignment by manipulation of hidden attributes | Mass Assignment |
| [MA002] Mass assignment by flag overloading | Mass Assignment |
| [SSRF001] Local file access | Server-Side request forgery |
| [ST001] Stack trace in response | Stack trace in response |
| [RES001] Resources limiting | Lack of Resources and Rate Limiting |
| [FM001] File path manipulation | File path manipulation |
