This list is often leveraged by the greater
security industry as a framework to protect
against common web app attacks.
Unfortunately, this dynamic also provides
cybercriminals with a better blueprint from
Currently, the top known web attacks include
SQL injection, directory traversal, cross-site
scripting (XSS), broken authentication and
session management, cross-site request
forgery (CSRF) security misconfigurations,
sensitive data exposure and more.