How do I install Top 100 Web Vulnerabilities Reference?

Install Top 100 Web Vulnerabilities Reference with a single command: npx mdskills install sickn33/top-web-vulnerabilities. This downloads the skill files into your project and your AI agent picks them up automatically.
What platforms support Top 100 Web Vulnerabilities Reference?

Top 100 Web Vulnerabilities Reference works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Codex, Gemini Cli, Amp, Roo Code, Goose, Opencode, Trae, Qodo, Command Code. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.
← Back to skills
Top 100 Web Vulnerabilities Reference

Name: Top 100 Web Vulnerabilities Reference: AI Agent Skill
Rating: 7 (1 reviews)
Author: sickn33
Verified
SecurityIntermediate
This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about injection attacks", "review access control weaknesses", "analyze API security issues", "assess security misconfigurations", "understand client-side vulnerabilities", "examine mobile and IoT security flaws", or "reference the OWASP-aligned vulnerability taxonomy". Use this skill to provide comprehensive vulnerability defin
by @sickn330Updated 2 weeks ago
Add this skill
npx mdskills install sickn33/top-web-vulnerabilities
Fork & Edit
Skill Advisor7.0
Comprehensive vulnerability reference with clear definitions, impacts, and mitigations for 100+ security flaws
+Organizes vulnerabilities into logical categories with consistent structure
+Provides actionable mitigation strategies alongside root causes and impacts
+Covers broad security landscape from injection to API to mobile threats
-Requests excessive permissions (shell, filesystem write) for a reference skill that provides information only
SKILL.md
Edit in Browser
1---
2name: Top 100 Web Vulnerabilities Reference
3description: This skill should be used when the user asks to "identify web application vulnerabilities", "explain common security flaws", "understand vulnerability categories", "learn about injection attacks", "review access control weaknesses", "analyze API security issues", "assess security misconfigurations", "understand client-side vulnerabilities", "examine mobile and IoT security flaws", or "reference the OWASP-aligned vulnerability taxonomy". Use this skill to provide comprehensive vulnerability definitions, root causes, impacts, and mitigation strategies across all major web security categories.
4metadata:
5  author: zebbern
6  version: "1.1"
7---
8 
9# Top 100 Web Vulnerabilities Reference
10 
11## Purpose
12 
13Provide a comprehensive, structured reference for the 100 most critical web application vulnerabilities organized by category. This skill enables systematic vulnerability identification, impact assessment, and remediation guidance across the full spectrum of web security threats. Content organized into 15 major vulnerability categories aligned with industry standards and real-world attack patterns.
14 
15## Prerequisites
16 
17- Basic understanding of web application architecture (client-server model, HTTP protocol)
18- Familiarity with common web technologies (HTML, JavaScript, SQL, XML, APIs)
19- Understanding of authentication and authorization concepts
20- Access to web application security testing tools (Burp Suite, OWASP ZAP)
21- Knowledge of secure coding principles recommended
22 
23## Outputs and Deliverables
24 
25- Complete vulnerability catalog with definitions, root causes, impacts, and mitigations
26- Category-based vulnerability groupings for systematic assessment
27- Quick reference for security testing and remediation
28- Foundation for vulnerability assessment checklists and security policies
29 
30---
31 
32## Core Workflow
33 
34### Phase 1: Injection Vulnerabilities Assessment
35 
36Evaluate injection attack vectors targeting data processing components:
37 
38**SQL Injection (1)**
39- Definition: Malicious SQL code inserted into input fields to manipulate database queries
40- Root Cause: Lack of input validation, improper use of parameterized queries
41- Impact: Unauthorized data access, data manipulation, database compromise
42- Mitigation: Use parameterized queries/prepared statements, input validation, least privilege database accounts
43 
44**Cross-Site Scripting - XSS (2)**
45- Definition: Injection of malicious scripts into web pages viewed by other users
46- Root Cause: Insufficient output encoding, lack of input sanitization
47- Impact: Session hijacking, credential theft, website defacement
48- Mitigation: Output encoding, Content Security Policy (CSP), input sanitization
49 
50**Command Injection (5, 11)**
51- Definition: Execution of arbitrary system commands through vulnerable applications
52- Root Cause: Unsanitized user input passed to system shells
53- Impact: Full system compromise, data exfiltration, lateral movement
54- Mitigation: Avoid shell execution, whitelist valid commands, strict input validation
55 
56**XML Injection (6), LDAP Injection (7), XPath Injection (8)**
57- Definition: Manipulation of XML/LDAP/XPath queries through malicious input
58- Root Cause: Improper input handling in query construction
59- Impact: Data exposure, authentication bypass, information disclosure
60- Mitigation: Input validation, parameterized queries, escape special characters
61 
62**Server-Side Template Injection - SSTI (13)**
63- Definition: Injection of malicious code into template engines
64- Root Cause: User input embedded directly in template expressions
65- Impact: Remote code execution, server compromise
66- Mitigation: Sandbox template engines, avoid user input in templates, strict input validation
67 
68### Phase 2: Authentication and Session Security
69 
70Assess authentication mechanism weaknesses:
71 
72**Session Fixation (14)**
73- Definition: Attacker sets victim's session ID before authentication
74- Root Cause: Session ID not regenerated after login
75- Impact: Session hijacking, unauthorized account access
76- Mitigation: Regenerate session ID on authentication, use secure session management
77 
78**Brute Force Attack (15)**
79- Definition: Systematic password guessing using automated tools
80- Root Cause: Lack of account lockout, rate limiting, or CAPTCHA
81- Impact: Unauthorized access, credential compromise
82- Mitigation: Account lockout policies, rate limiting, MFA, CAPTCHA
83 
84**Session Hijacking (16)**
85- Definition: Attacker steals or predicts valid session tokens
86- Root Cause: Weak session token generation, insecure transmission
87- Impact: Account takeover, unauthorized access
88- Mitigation: Secure random token generation, HTTPS, HttpOnly/Secure cookie flags
89 
90**Credential Stuffing and Reuse (22)**
91- Definition: Using leaked credentials to access accounts across services
92- Root Cause: Users reusing passwords, no breach detection
93- Impact: Mass account compromise, data breaches
94- Mitigation: MFA, breach password checks, unique credential requirements
95 
96**Insecure "Remember Me" Functionality (85)**
97- Definition: Weak persistent authentication token implementation
98- Root Cause: Predictable tokens, inadequate expiration controls
99- Impact: Unauthorized persistent access, session compromise
100- Mitigation: Strong token generation, proper expiration, secure storage
101 
102**CAPTCHA Bypass (86)**
103- Definition: Circumventing bot detection mechanisms
104- Root Cause: Weak CAPTCHA algorithms, improper validation
105- Impact: Automated attacks, credential stuffing, spam
106- Mitigation: reCAPTCHA v3, layered bot detection, rate limiting
107 
108### Phase 3: Sensitive Data Exposure
109 
110Identify data protection failures:
111 
112**IDOR - Insecure Direct Object References (23, 42)**
113- Definition: Direct access to internal objects via user-supplied references
114- Root Cause: Missing authorization checks on object access
115- Impact: Unauthorized data access, privacy breaches
116- Mitigation: Access control validation, indirect reference maps, authorization checks
117 
118**Data Leakage (24)**
119- Definition: Inadvertent disclosure of sensitive information
120- Root Cause: Inadequate data protection, weak access controls
121- Impact: Privacy breaches, regulatory penalties, reputation damage
122- Mitigation: DLP solutions, encryption, access controls, security training
123 
124**Unencrypted Data Storage (25)**
125- Definition: Storing sensitive data without encryption
126- Root Cause: Failure to implement encryption at rest
127- Impact: Data breaches if storage compromised
128- Mitigation: Full-disk encryption, database encryption, secure key management
129 
130**Information Disclosure (33)**
131- Definition: Exposure of system details through error messages or responses
132- Root Cause: Verbose error handling, debug information in production
133- Impact: Reconnaissance for further attacks, credential exposure
134- Mitigation: Generic error messages, disable debug mode, secure logging
135 
136### Phase 4: Security Misconfiguration
137 
138Assess configuration weaknesses:
139 
140**Missing Security Headers (26)**
141- Definition: Absence of protective HTTP headers (CSP, X-Frame-Options, HSTS)
142- Root Cause: Inadequate server configuration
143- Impact: XSS attacks, clickjacking, protocol downgrade
144- Mitigation: Implement CSP, X-Content-Type-Options, X-Frame-Options, HSTS
145 
146**Default Passwords (28)**
147- Definition: Unchanged default credentials on systems/applications
148- Root Cause: Failure to change vendor defaults
149- Impact: Unauthorized access, system compromise
150- Mitigation: Mandatory password changes, strong password policies
151 
152**Directory Listing (29)**
153- Definition: Web server exposes directory contents
154- Root Cause: Improper server configuration
155- Impact: Information disclosure, sensitive file exposure
156- Mitigation: Disable directory indexing, use default index files
157 
158**Unprotected API Endpoints (30)**
159- Definition: APIs lacking authentication or authorization
160- Root Cause: Missing security controls on API routes
161- Impact: Unauthorized data access, API abuse
162- Mitigation: OAuth/API keys, access controls, rate limiting
163 
164**Open Ports and Services (31)**
165- Definition: Unnecessary network services exposed
166- Root Cause: Failure to minimize attack surface
167- Impact: Exploitation of vulnerable services
168- Mitigation: Port scanning audits, firewall rules, service minimization
169 
170**Misconfigured CORS (35)**
171- Definition: Overly permissive Cross-Origin Resource Sharing policies
172- Root Cause: Wildcard origins, improper CORS configuration
173- Impact: Cross-site request attacks, data theft
174- Mitigation: Whitelist trusted origins, validate CORS headers
175 
176**Unpatched Software (34)**
177- Definition: Systems running outdated vulnerable software
178- Root Cause: Neglected patch management
179- Impact: Exploitation of known vulnerabilities
180- Mitigation: Patch management program, vulnerability scanning, automated updates
181 
182### Phase 5: XML-Related Vulnerabilities
183 
184Evaluate XML processing security:
185 
186**XXE - XML External Entity Injection (37)**
187- Definition: Exploitation of XML parsers to access files or internal systems
188- Root Cause: External entity processing enabled
189- Impact: File disclosure, SSRF, denial of service
190- Mitigation: Disable external entities, use safe XML parsers
191 
192**XEE - XML Entity Expansion (38)**
193- Definition: Excessive entity expansion causing resource exhaustion
194- Root Cause: Unlimited entity expansion allowed
195- Impact: Denial of service, parser crashes
196- Mitigation: Limit entity expansion, configure parser restrictions
197 
198**XML Bomb (Billion Laughs) (39)**
199- Definition: Crafted XML with nested entities consuming resources
200- Root Cause: Recursive entity definitions
201- Impact: Memory exhaustion, denial of service
202- Mitigation: Entity expansion limits, input size restrictions
203 
204**XML Denial of Service (65)**
205- Definition: Specially crafted XML causing excessive processing
206- Root Cause: Complex document structures without limits
207- Impact: CPU/memory exhaustion, service unavailability
208- Mitigation: Schema validation, size limits, processing timeouts
209 
210### Phase 6: Broken Access Control
211 
212Assess authorization enforcement:
213 
214**Inadequate Authorization (40)**
215- Definition: Failure to properly enforce access controls
216- Root Cause: Weak authorization policies, missing checks
217- Impact: Unauthorized access to sensitive resources
218- Mitigation: RBAC, centralized IAM, regular access reviews
219 
220**Privilege Escalation (41)**
221- Definition: Gaining elevated access beyond intended permissions
222- Root Cause: Misconfigured permissions, system vulnerabilities
223- Impact: Full system compromise, data manipulation
224- Mitigation: Least privilege, regular patching, privilege monitoring
225 
226**Forceful Browsing (43)**
227- Definition: Direct URL manipulation to access restricted resources
228- Root Cause: Weak access controls, predictable URLs
229- Impact: Unauthorized file/directory access
230- Mitigation: Server-side access controls, unpredictable resource paths
231 
232**Missing Function-Level Access Control (44)**
233- Definition: Unprotected administrative or privileged functions
234- Root Cause: Authorization only at UI level
235- Impact: Unauthorized function execution
236- Mitigation: Server-side authorization for all functions, RBAC
237 
238### Phase 7: Insecure Deserialization
239 
240Evaluate object serialization security:
241 
242**Remote Code Execution via Deserialization (45)**
243- Definition: Arbitrary code execution through malicious serialized objects
244- Root Cause: Untrusted data deserialized without validation
245- Impact: Complete system compromise, code execution
246- Mitigation: Avoid deserializing untrusted data, integrity checks, type validation
247 
248**Data Tampering (46)**
249- Definition: Unauthorized modification of serialized data
250- Root Cause: Missing integrity verification
251- Impact: Data corruption, privilege manipulation
252- Mitigation: Digital signatures, HMAC validation, encryption
253 
254**Object Injection (47)**
255- Definition: Malicious object instantiation during deserialization
256- Root Cause: Unsafe deserialization practices
257- Impact: Code execution, unauthorized access
258- Mitigation: Type restrictions, class whitelisting, secure libraries
259 
260### Phase 8: API Security Assessment
261 
262Evaluate API-specific vulnerabilities:
263 
264**Insecure API Endpoints (48)**
265- Definition: APIs without proper security controls
266- Root Cause: Poor API design, missing authentication
267- Impact: Data breaches, unauthorized access
268- Mitigation: OAuth/JWT, HTTPS, input validation, rate limiting
269 
270**API Key Exposure (49)**
271- Definition: Leaked or exposed API credentials
272- Root Cause: Hardcoded keys, insecure storage
273- Impact: Unauthorized API access, abuse
274- Mitigation: Secure key storage, rotation, environment variables
275 
276**Lack of Rate Limiting (50)**
277- Definition: No controls on API request frequency
278- Root Cause: Missing throttling mechanisms
279- Impact: DoS, API abuse, resource exhaustion
280- Mitigation: Rate limits per user/IP, throttling, DDoS protection
281 
282**Inadequate Input Validation (51)**
283- Definition: APIs accepting unvalidated user input
284- Root Cause: Missing server-side validation
285- Impact: Injection attacks, data corruption
286- Mitigation: Strict validation, parameterized queries, WAF
287 
288**API Abuse (75)**
289- Definition: Exploiting API functionality for malicious purposes
290- Root Cause: Excessive trust in client input
291- Impact: Data theft, account takeover, service abuse
292- Mitigation: Strong authentication, behavior analysis, anomaly detection
293 
294### Phase 9: Communication Security
295 
296Assess transport layer protections:
297 
298**Man-in-the-Middle Attack (52)**
299- Definition: Interception of communication between parties
300- Root Cause: Unencrypted channels, compromised networks
301- Impact: Data theft, session hijacking, impersonation
302- Mitigation: TLS/SSL, certificate pinning, mutual authentication
303 
304**Insufficient Transport Layer Security (53)**
305- Definition: Weak or outdated encryption for data in transit
306- Root Cause: Outdated protocols (SSLv2/3), weak ciphers
307- Impact: Traffic interception, credential theft
308- Mitigation: TLS 1.2+, strong cipher suites, HSTS
309 
310**Insecure SSL/TLS Configuration (54)**
311- Definition: Improperly configured encryption settings
312- Root Cause: Weak ciphers, missing forward secrecy
313- Impact: Traffic decryption, MITM attacks
314- Mitigation: Modern cipher suites, PFS, certificate validation
315 
316**Insecure Communication Protocols (55)**
317- Definition: Use of unencrypted protocols (HTTP, Telnet, FTP)
318- Root Cause: Legacy systems, security unawareness
319- Impact: Traffic sniffing, credential exposure
320- Mitigation: HTTPS, SSH, SFTP, VPN tunnels
321 
322### Phase 10: Client-Side Vulnerabilities
323 
324Evaluate browser-side security:
325 
326**DOM-based XSS (56)**
327- Definition: XSS through client-side JavaScript manipulation
328- Root Cause: Unsafe DOM manipulation with user input
329- Impact: Session theft, credential harvesting
330- Mitigation: Safe DOM APIs, CSP, input sanitization
331 
332**Insecure Cross-Origin Communication (57)**
333- Definition: Improper handling of cross-origin requests
334- Root Cause: Relaxed CORS/SOP policies
335- Impact: Data leakage, CSRF attacks
336- Mitigation: Strict CORS, CSRF tokens, origin validation
337 
338**Browser Cache Poisoning (58)**
339- Definition: Manipulation of cached content
340- Root Cause: Weak cache validation
341- Impact: Malicious content delivery
342- Mitigation: Cache-Control headers, HTTPS, integrity checks
343 
344**Clickjacking (59, 71)**
345- Definition: UI redress attack tricking users into clicking hidden elements
346- Root Cause: Missing frame protection
347- Impact: Unintended actions, credential theft
348- Mitigation: X-Frame-Options, CSP frame-ancestors, frame-busting
349 
350**HTML5 Security Issues (60)**
351- Definition: Vulnerabilities in HTML5 APIs (WebSockets, Storage, Geolocation)
352- Root Cause: Improper API usage, insufficient validation
353- Impact: Data leakage, XSS, privacy violations
354- Mitigation: Secure API usage, input validation, sandboxing
355 
356### Phase 11: Denial of Service Assessment
357 
358Evaluate availability threats:
359 
360**DDoS - Distributed Denial of Service (61)**
361- Definition: Overwhelming systems with traffic from multiple sources
362- Root Cause: Botnets, amplification attacks
363- Impact: Service unavailability, revenue loss
364- Mitigation: DDoS protection services, rate limiting, CDN
365 
366**Application Layer DoS (62)**
367- Definition: Targeting application logic to exhaust resources
368- Root Cause: Inefficient code, resource-intensive operations
369- Impact: Application unavailability, degraded performance
370- Mitigation: Rate limiting, caching, WAF, code optimization
371 
372**Resource Exhaustion (63)**
373- Definition: Depleting CPU, memory, disk, or network resources
374- Root Cause: Inefficient resource management
375- Impact: System crashes, service degradation
376- Mitigation: Resource quotas, monitoring, load balancing
377 
378**Slowloris Attack (64)**
379- Definition: Keeping connections open with partial HTTP requests
380- Root Cause: No connection timeouts
381- Impact: Web server resource exhaustion
382- Mitigation: Connection timeouts, request limits, reverse proxy
383 
384### Phase 12: Server-Side Request Forgery
385 
386Assess SSRF vulnerabilities:
387 
388**SSRF - Server-Side Request Forgery (66)**
389- Definition: Manipulating server to make requests to internal resources
390- Root Cause: Unvalidated user-controlled URLs
391- Impact: Internal network access, data theft, cloud metadata access
392- Mitigation: URL whitelisting, network segmentation, egress filtering
393 
394**Blind SSRF (87)**
395- Definition: SSRF without direct response visibility
396- Root Cause: Similar to SSRF, harder to detect
397- Impact: Data exfiltration, internal reconnaissance
398- Mitigation: Allowlists, WAF, network restrictions
399 
400**Time-Based Blind SSRF (88)**
401- Definition: Inferring SSRF success through response timing
402- Root Cause: Processing delays indicating request outcomes
403- Impact: Prolonged exploitation, detection evasion
404- Mitigation: Request timeouts, anomaly detection, timing monitoring
405 
406### Phase 13: Additional Web Vulnerabilities
407 
408| # | Vulnerability | Root Cause | Impact | Mitigation |
409|---|--------------|-----------|--------|------------|
410| 67 | HTTP Parameter Pollution | Inconsistent parsing | Injection, ACL bypass | Strict parsing, validation |
411| 68 | Insecure Redirects | Unvalidated targets | Phishing, malware | Whitelist destinations |
412| 69 | File Inclusion (LFI/RFI) | Unvalidated paths | Code exec, disclosure | Whitelist files, disable RFI |
413| 70 | Security Header Bypass | Misconfigured headers | XSS, clickjacking | Proper headers, audits |
414| 72 | Inadequate Session Timeout | Excessive timeouts | Session hijacking | Idle termination, timeouts |
415| 73 | Insufficient Logging | Missing infrastructure | Detection gaps | SIEM, alerting |
416| 74 | Business Logic Flaws | Insecure design | Fraud, unauthorized ops | Threat modeling, testing |
417 
418### Phase 14: Mobile and IoT Security
419 
420| # | Vulnerability | Root Cause | Impact | Mitigation |
421|---|--------------|-----------|--------|------------|
422| 76 | Insecure Mobile Storage | Plain text, weak crypto | Data theft | Keychain/Keystore, encrypt |
423| 77 | Insecure Mobile Transmission | HTTP, cert failures | Traffic interception | TLS, cert pinning |
424| 78 | Insecure Mobile APIs | Missing auth/validation | Data exposure | OAuth/JWT, validation |
425| 79 | App Reverse Engineering | Hardcoded creds | Credential theft | Obfuscation, RASP |
426| 80 | IoT Management Issues | Weak auth, no TLS | Device takeover | Strong auth, TLS |
427| 81 | Weak IoT Authentication | Default passwords | Unauthorized access | Unique creds, MFA |
428| 82 | IoT Vulnerabilities | Design flaws, old firmware | Botnet recruitment | Updates, segmentation |
429| 83 | Smart Home Access | Insecure defaults | Privacy invasion | MFA, segmentation |
430| 84 | IoT Privacy Issues | Excessive collection | Surveillance | Data minimization |
431 
432### Phase 15: Advanced and Zero-Day Threats
433 
434| # | Vulnerability | Root Cause | Impact | Mitigation |
435|---|--------------|-----------|--------|------------|
436| 89 | MIME Sniffing | Missing headers | XSS, spoofing | X-Content-Type-Options |
437| 91 | CSP Bypass | Weak config | XSS despite CSP | Strict CSP, nonces |
438| 92 | Inconsistent Validation | Decentralized logic | Control bypass | Centralized validation |
439| 93 | Race Conditions | Missing sync | Privilege escalation | Proper locking |
440| 94-95 | Business Logic Flaws | Missing validation | Financial fraud | Server-side validation |
441| 96 | Account Enumeration | Different responses | Targeted attacks | Uniform responses |
442| 98-99 | Unpatched Vulnerabilities | Patch delays | Zero-day exploitation | Patch management |
443| 100 | Zero-Day Exploits | Unknown vulns | Unmitigated attacks | Defense in depth |
444 
445---
446 
447## Quick Reference
448 
449### Vulnerability Categories Summary
450 
451| Category | Vulnerability Numbers | Key Controls |
452|----------|----------------------|--------------|
453| Injection | 1-13 | Parameterized queries, input validation, output encoding |
454| Authentication | 14-23, 85-86 | MFA, session management, account lockout |
455| Data Exposure | 24-27 | Encryption at rest/transit, access controls, DLP |
456| Misconfiguration | 28-36 | Secure defaults, hardening, patching |
457| XML | 37-39, 65 | Disable external entities, limit expansion |
458| Access Control | 40-44 | RBAC, least privilege, authorization checks |
459| Deserialization | 45-47 | Avoid untrusted data, integrity validation |
460| API Security | 48-51, 75 | OAuth, rate limiting, input validation |
461| Communication | 52-55 | TLS 1.2+, certificate validation, HTTPS |
462| Client-Side | 56-60 | CSP, X-Frame-Options, safe DOM |
463| DoS | 61-65 | Rate limiting, DDoS protection, resource limits |
464| SSRF | 66, 87-88 | URL whitelisting, egress filtering |
465| Mobile/IoT | 76-84 | Encryption, authentication, secure storage |
466| Business Logic | 74, 92-97 | Threat modeling, logic testing |
467| Zero-Day | 98-100 | Defense in depth, threat intelligence |
468 
469### Critical Security Headers
470 
471```
472Content-Security-Policy: default-src 'self'; script-src 'self'
473X-Content-Type-Options: nosniff
474X-Frame-Options: DENY
475X-XSS-Protection: 1; mode=block
476Strict-Transport-Security: max-age=31536000; includeSubDomains
477Referrer-Policy: strict-origin-when-cross-origin
478Permissions-Policy: geolocation=(), microphone=()
479```
480 
481### OWASP Top 10 Mapping
482 
483| OWASP 2021 | Related Vulnerabilities |
484|------------|------------------------|
485| A01: Broken Access Control | 40-44, 23, 74 |
486| A02: Cryptographic Failures | 24-25, 53-55 |
487| A03: Injection | 1-13, 37-39 |
488| A04: Insecure Design | 74, 92-97 |
489| A05: Security Misconfiguration | 26-36 |
490| A06: Vulnerable Components | 34, 98-100 |
491| A07: Auth Failures | 14-23, 85-86 |
492| A08: Data Integrity | 45-47 |
493| A09: Logging Failures | 73 |
494| A10: SSRF | 66, 87-88 |
495 
496---
497 
498## Constraints and Limitations
499 
500- Vulnerability definitions represent common patterns; specific implementations vary
501- Mitigations must be adapted to technology stack and architecture
502- New vulnerabilities emerge continuously; reference should be updated
503- Some vulnerabilities overlap across categories (e.g., IDOR appears in multiple contexts)
504- Effectiveness of mitigations depends on proper implementation
505- Automated scanners cannot detect all vulnerability types (especially business logic)
506 
507---
508 
509## Troubleshooting
510 
511### Common Assessment Challenges
512 
513| Challenge | Solution |
514|-----------|----------|
515| False positives in scanning | Manual verification, contextual analysis |
516| Business logic flaws missed | Manual testing, threat modeling, abuse case analysis |
517| Encrypted traffic analysis | Proxy configuration, certificate installation |
518| WAF blocking tests | Rate adjustment, IP rotation, payload encoding |
519| Session handling issues | Cookie management, authentication state tracking |
520| API discovery | Swagger/OpenAPI enumeration, traffic analysis |
521 
522### Vulnerability Verification Techniques
523 
524| Vulnerability Type | Verification Approach |
525|-------------------|----------------------|
526| Injection | Payload testing with encoded variants |
527| XSS | Alert boxes, cookie access, DOM inspection |
528| CSRF | Cross-origin form submission testing |
529| SSRF | Out-of-band DNS/HTTP callbacks |
530| XXE | External entity with controlled server |
531| Access Control | Horizontal/vertical privilege testing |
532| Authentication | Credential rotation, session analysis |
533 
534---
535 
536## References
537 
538- OWASP Top 10 Web Application Security Risks
539- CWE/SANS Top 25 Most Dangerous Software Errors
540- OWASP Testing Guide
541- OWASP Application Security Verification Standard (ASVS)
542- NIST Cybersecurity Framework
543- Source: Kumar MS - Top 100 Web Vulnerabilities
544
Full transparency — inspect the skill content before installing.