The top 6 software insecurities, with links.

CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-434
Unrestricted Upload of File with Dangerous Type

CWE-352
Cross-Site Request Forgery (CSRF)

CWE-601
URL Redirection to Untrusted Site ('Open Redirect')

See my other blogs at:

See my colleagues' blogs at: