https://community.isc2.org/t5/Threats/Top-AppDefects-for-January-21/m-p/43173#M279 <P>Here is what&nbsp;<A href="https://www.bugcrowd.com/blog/common-bugs-of-2021/" target="_blank" rel="noopener">BugCrowd</A>&nbsp;is seeing as trends in application defects for the month of January 2021. No real surprises except for number 9 Open Redirects. Validating URLs is hard...</P><P>&nbsp;</P><P>1 – SENSITIVE DATA EXPOSURE<BR />2 – CROSS-SITE SCRIPTING<BR />3 – SUBDOMAIN TAKEOVER<BR />4 – BROKEN ACCESS CONTROL<BR />5 – PRIVILEGE ESCALATION<BR />6 – SENSITIVE INFORMATION PASSED TO HTTP BY DEFAULT<BR />7 – AUTHENTICATION BYPASS<BR />8 – CROSS-SITE REQUEST FORGERY (CSRF)<BR />9 – OPEN REDIRECT<BR />10 – REMOTE CODE EXECUTION</P> Mon, 09 Oct 2023 09:47:36 GMT AppDefects 2023-10-09T09:47:36Z https://community.isc2.org/t5/Threats/Top-AppDefects-for-January-21/m-p/43173#M279 <P>Here is what&nbsp;<A href="https://www.bugcrowd.com/blog/common-bugs-of-2021/" target="_blank" rel="noopener">BugCrowd</A>&nbsp;is seeing as trends in application defects for the month of January 2021. No real surprises except for number 9 Open Redirects. Validating URLs is hard...</P><P>&nbsp;</P><P>1 – SENSITIVE DATA EXPOSURE<BR />2 – CROSS-SITE SCRIPTING<BR />3 – SUBDOMAIN TAKEOVER<BR />4 – BROKEN ACCESS CONTROL<BR />5 – PRIVILEGE ESCALATION<BR />6 – SENSITIVE INFORMATION PASSED TO HTTP BY DEFAULT<BR />7 – AUTHENTICATION BYPASS<BR />8 – CROSS-SITE REQUEST FORGERY (CSRF)<BR />9 – OPEN REDIRECT<BR />10 – REMOTE CODE EXECUTION</P> Mon, 09 Oct 2023 09:47:36 GMT https://community.isc2.org/t5/Threats/Top-AppDefects-for-January-21/m-p/43173#M279 AppDefects 2023-10-09T09:47:36Z