
BUG REPORT AND REWARD PROGRAM

We want to find the bugs in this site and in our own systems that we have not yet discovered ourselves, and we need your help to do it. For vulnerabilities you find in our systems, we reward you within the scope of the bug types and rules listed below.

Bug Levels and Rewards
P1 - 5000-12000 TL
P2 - 2000-5000 TL
P3 - 600-2000 TL
P4 - 200-600 TL
P5 - 0-200 TL
P0 - 0 TL - Even though we cannot pay for these, we praise and recommend you by commenting on security sites and on our social media page.
+ In addition, we thank everyone who submits a bug for their support by publishing them on this page (below).

ALL REPORTABLE BUG TYPES AND THEIR LEVELS

P0 - Unsafe Cross-Origin Resource Sharing (Server Security Misconfiguration)
P0 - Path Traversal (Server Security Misconfiguration)
P0 - Sensitive Data Exposure (Server Security Misconfiguration -> Directory Listing Enabled)
P0 - SSL Attack (BREACH, POODLE etc.) (Server Security Misconfiguration)
P0 - Missing/Broken State Parameter (Server Security Misconfiguration -> OAuth Misconfiguration)
P0 - Insecure Redirect URI (Server Security Misconfiguration -> OAuth Misconfiguration)
P0 - Privilege Escalation (Broken Authentication and Session Management)
P0 - Cross Site Script Inclusion (XSSI) (Sensitive Data Exposure)
P0 - Insecure Direct Object References (IDOR) (Broken Access Control (BAC))
P0 - Exposed Sensitive Android Intent (Broken Access Control (BAC))
P0 - Exposed Sensitive iOS URL Scheme (Broken Access Control (BAC))
P0 - Authenticated Action (Cross-Site Request Forgery (CSRF) -> Action-Specific)
P0 - Unauthenticated Action (Cross-Site Request Forgery (CSRF) -> Action-Specific)
P0 - Cleartext Transmission of Sensitive Data (Insecure Data Transport)
P1 - Using Default Credentials (Server Security Misconfiguration)
P1 - Local (Server-Side Injection -> File Inclusion)
P1 - Remote Code Execution (RCE) (Server-Side Injection)
P1 - SQL Injection (Server-Side Injection)
P1 - XML External Entity Injection (XXE) (Server-Side Injection)
P1 - Authentication Bypass (Broken Authentication and Session Management)
P1 - Password Disclosure (Sensitive Data Exposure -> Critically Sensitive Data)
P1 - Private API Keys (Sensitive Data Exposure -> Critically Sensitive Data)
P1 - Command Injection (Insecure OS/Firmware)
P1 - Privileged User (Insecure OS/Firmware -> Hardcoded Password)
P1 - Incorrect Usage (Broken Cryptography -> Cryptographic Flaw)
P1 - PII Leakage (Automotive Security Misconfiguration -> Infotainment)
P1 - Key Fob Cloning (Automotive Security Misconfiguration -> RF Hub)
P2 - High Impact Subdomain Takeover (Server Security Misconfiguration -> Misconfigured DNS)
P2 - Account Takeover (Server Security Misconfiguration -> OAuth Misconfiguration)
P2 - Token Leakage via Host Header Poisoning (Sensitive Data Exposure -> Weak Password Reset Implementation)
P2 - Non-Privileged User to Anyone (Cross-Site Scripting (XSS) -> Stored)
P2 - Internal High Impact (Broken Access Control (BAC) -> Server-Side Request Forgery (SSRF))
P2 - Application-Wide (Cross-Site Request Forgery (CSRF))
P2 - Critical Impact and/or Easy Difficulty (Application-Level Denial-of-Service (DoS))
P2 - Non-Privileged User (Insecure OS/Firmware -> Hardcoded Password)
P2 - Code Execution (CAN Bus Pivot) (Automotive Security Misconfiguration -> Infotainment)
P2 - CAN Injection / Interaction (Automotive Security Misconfiguration -> RF Hub)
P3 - Basic Subdomain Takeover (Server Security Misconfiguration -> Misconfigured DNS)
P3 - No Spoofing Protection on Email Domain (Server Security Misconfiguration -> Mail Server Misconfiguration)
P3 - Response Splitting (CRLF) (Server-Side Injection -> HTTP Response Manipulation)
P3 - iframe Injection (Server-Side Injection -> Content Spoofing)
P3 - Second Factor Authentication (2FA) Bypass (Broken Authentication and Session Management)
P3 - HTTPS not Available or HTTP by Default (Broken Authentication and Session Management -> Weak Login Function)
P3 - Remote Attack Vector (Broken Authentication and Session Management -> Session Fixation)
P3 - Automatic User Enumeration (Sensitive Data Exposure -> EXIF Geolocation Data Not Stripped From Uploaded Images)
P3 - Privileged User to Privilege Elevation (Cross-Site Scripting (XSS) -> Stored)
P3 - CSRF/URL-Based (Cross-Site Scripting (XSS) -> Stored)
P3 - Non-Self (Cross-Site Scripting (XSS) -> Reflected)
P3 - Internal Scan and/or Medium Impact (Broken Access Control (BAC) -> Server-Side Request Forgery (SSRF))
P3 - High Impact and/or Medium Difficulty (Application-Level Denial-of-Service (DoS))
P3 - Default Folder Privilege Escalation (Client-Side Injection -> Binary Planting)
P3 - Code Execution (No CAN Bus Pivot) (Automotive Security Misconfiguration -> Infotainment)
P3 - Unauthorized Access to Services (API / Endpoints) (Automotive Security Misconfiguration -> Infotainment)
P3 - Data Leakage / Pull Encryption Mechanism (Automotive Security Misconfiguration -> RF Hub)
P4 - Zone Transfer (Server Security Misconfiguration -> Misconfigured DNS)
P4 - Email Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain (Server Security Misconfiguration -> Mail Server Misconfiguration)
P4 - Excessively Privileged User / DBA (Server Security Misconfiguration -> Database Management System (DBMS) Misconfiguration)
P4 - Delete Account (Server Security Misconfiguration -> Lack of Password Confirmation)
P4 - Registration (Server Security Misconfiguration -> No Rate Limiting on Form)
P4 - Login (Server Security Misconfiguration -> No Rate Limiting on Form)
P4 - Email-Triggering (Server Security Misconfiguration -> No Rate Limiting on Form)
P4 - SMS-Triggering (Server Security Misconfiguration -> No Rate Limiting on Form)
P4 - Session Token (Server Security Misconfiguration -> Missing Secure or HTTPOnly Cookie Flag)
P4 - Sensitive Click-Based Action (Server Security Misconfiguration -> Clickjacking)
P4 - Implementation Vulnerability (Server Security Misconfiguration -> CAPTCHA)
P4 - Cache-Control for a Sensitive Page (Server Security Misconfiguration -> Lack of Security Headers)
P4 - Direct Server Access (Server Security Misconfiguration -> Web Application Firewall (WAF) Bypass)
P4 - External Authentication Injection (Server-Side Injection -> Content Spoofing)
P4 - Email HTML Injection (Server-Side Injection -> Content Spoofing)
P4 - Cleartext Transmission of Session Token (Broken Authentication and Session Management)
P4 - Other Plaintext Protocol with no Secure Alternative (Broken Authentication and Session Management -> Weak Login Function)
P4 - LAN Only (Broken Authentication and Session Management -> Weak Login Function)
P4 - HTTP and HTTPS Available (Broken Authentication and Session Management -> Weak Login Function)
P4 - On Logout (Client and Server-Side) (Broken Authentication and Session Management -> Failure to Invalidate Session)
P4 - On Password Reset and/or Change (Broken Authentication and Session Management -> Failure to Invalidate Session)
P4 - Over HTTP (Broken Authentication and Session Management -> Weak Registration Implementation)
P4 - Manual User Enumeration (Sensitive Data Exposure -> EXIF Geolocation Data Not Stripped From Uploaded Images)
P4 - Detailed Server Configuration (Sensitive Data Exposure -> Visible Detailed Error/Debug Page)
P4 - Untrusted 3rd Party (Sensitive Data Exposure -> Token Leakage via Referer)
P4 - Over HTTP (Sensitive Data Exposure -> Token Leakage via Referer)
P4 - User Facing (Sensitive Data Exposure -> Sensitive Token in URL)
P4 - Password Reset Token Sent Over HTTP (Sensitive Data Exposure -> Weak Password Reset Implementation)
P4 - Privileged User to No Privilege Elevation (Cross-Site Scripting (XSS) -> Stored)
P4 - Flash-Based (Cross-Site Scripting (XSS))
P4 - IE11 (Cross-Site Scripting (XSS) -> IE-Only)
P4 - Referer (Cross-Site Scripting (XSS))
P4 - Universal (UXSS) (Cross-Site Scripting (XSS))
P4 - Data URI (Cross-Site Scripting (XSS) -> Off-Domain)
P4 - External (Broken Access Control (BAC) -> Server-Side Request Forgery (SSRF))
P4 - Non-Brute Force (Broken Access Control (BAC) -> Username/Email Enumeration)
P4 - GET-Based (Unvalidated Redirects and Forwards -> Open Redirect)
P4 - No Password Policy (Insufficient Security Configurability)
P4 - Token is Not Invalidated After Use (Insufficient Security Configurability -> Weak Password Reset Implementation)
P4 - 2FA Secret Cannot be Rotated (Insufficient Security Configurability -> Weak 2FA Implementation)
P4 - 2FA Secret Remains Obtainable After 2FA is Enabled (Insufficient Security Configurability -> Weak 2FA Implementation)
P4 - Rosetta Flash (Using Components with Known Vulnerabilities)
P4 - On External Storage (Insecure Data Storage -> Sensitive Application Data Stored Unencrypted)
P4 - Plaintext (Insecure Data Storage -> Server-Side Credentials Storage)
P4 - No Secure Integrity Check (Insecure Data Transport -> Executable Download)
P4 - WiFi SSID+Password (Privacy Concerns -> Unnecessary Data Collection)
P4 - On Sensitive Content (Mobile Security Misconfiguration -> Clipboard Enabled)
P4 - Source Code Dump (Automotive Security Misconfiguration -> Infotainment)
P4 - Denial of Service (DoS / Brick) (Automotive Security Misconfiguration -> Infotainment)
P4 - Default Credentials (Automotive Security Misconfiguration -> Infotainment)
P4 - Unauthorized Access / Turn On (Automotive Security Misconfiguration -> RF Hub)
P4 - Injection (Disallowed Messages) (Automotive Security Misconfiguration -> CAN)
P4 - Injection (DoS) (Automotive Security Misconfiguration -> CAN)
P5 - Non-Sensitive Data Exposure (Server Security Misconfiguration -> Directory Listing Enabled)
P5 - Same-Site Scripting (Server Security Misconfiguration)
P5 - Missing Certification Authority Authorization (CAA) Record (Server Security Misconfiguration -> Misconfigured DNS)
P5 - Email Spoofing to Spam Folder (Server Security Misconfiguration -> Mail Server Misconfiguration)
P5 - Missing or Misconfigured SPF and/or DKIM (Server Security Misconfiguration -> Mail Server Misconfiguration)
P5 - Email Spoofing on non-email domain (Server Security Misconfiguration -> Mail Server Misconfiguration)
P5 - Change Email Address (Server Security Misconfiguration -> Lack of Password Confirmation)
P5 - Change Password (Server Security Misconfiguration -> Lack of Password Confirmation)
P5 - Manage 2FA (Server Security Misconfiguration -> Lack of Password Confirmation)
P5 - No Antivirus (Server Security Misconfiguration -> Unsafe File Upload)
P5 - No Size Limit (Server Security Misconfiguration -> Unsafe File Upload)
P5 - File Extension Filter Bypass (Server Security Misconfiguration -> Unsafe File Upload)
P5 - Cookie Scoped to Parent Domain (Server Security Misconfiguration)
P5 - Non-Session Cookie (Server Security Misconfiguration -> Missing Secure or HTTPOnly Cookie Flag)
P5 - Form Input (Server Security Misconfiguration -> Clickjacking)
P5 - Non-Sensitive Action (Server Security Misconfiguration -> Clickjacking)
P5 - Brute Force (Server Security Misconfiguration -> CAPTCHA)
P5 - Missing (Server Security Misconfiguration -> CAPTCHA)
P5 - To Internet (Server Security Misconfiguration -> Exposed Admin Portal)
P5 - Missing DNSSEC (Server Security Misconfiguration)
P5 - Fingerprinting/Banner Disclosure (Server Security Misconfiguration)
P5 - Brute Force (Server Security Misconfiguration -> Username/Email Enumeration)
P5 - OPTIONS (Server Security Misconfiguration -> Potentially Unsafe HTTP Method Enabled)
P5 - TRACE (Server Security Misconfiguration -> Potentially Unsafe HTTP Method Enabled)
P5 - Lack of Forward Secrecy (Server Security Misconfiguration -> Insecure SSL)
P5 - Insecure Cipher Suite (Server Security Misconfiguration -> Insecure SSL)
P5 - Certificate Error (Server Security Misconfiguration -> Insecure SSL)
P5 - Reflected File Download (RFD) (Server Security Misconfiguration)
P5 - X-Frame-Options (Server Security Misconfiguration -> Lack of Security Headers)
P5 - Cache-Control for a Non-Sensitive Page (Server Security Misconfiguration -> Lack of Security Headers)
P5 - X-XSS-Protection (Server Security Misconfiguration -> Lack of Security Headers)
P5 - Strict-Transport-Security (Server Security Misconfiguration -> Lack of Security Headers)
P5 - X-Content-Type-Options (Server Security Misconfiguration -> Lack of Security Headers)
P5 - Content-Security-Policy (Server Security Misconfiguration -> Lack of Security Headers)
P5 - Public-Key-Pins (Server Security Misconfiguration -> Lack of Security Headers)
P5 - X-Content-Security-Policy (Server Security Misconfiguration -> Lack of Security Headers)
P5 - X-Webkit-CSP (Server Security Misconfiguration -> Lack of Security Headers)
P5 - Content-Security-Policy-Report-Only (Server Security Misconfiguration -> Lack of Security Headers)
P5 - Bitsquatting (Server Security Misconfiguration)
P5 - Social Media Sharing Buttons (Server-Side Injection -> Parameter Pollution)
P5 - Flash Based External Authentication Injection (Server-Side Injection -> Content Spoofing)
P5 - Email Hyperlink Injection Based on Email Provider (Server-Side Injection -> Content Spoofing)
P5 - Text Injection (Server-Side Injection -> Content Spoofing)
P5 - Homograph/IDN-Based (Server-Side Injection -> Content Spoofing)
P5 - Right-to-Left Override (RTLO) (Server-Side Injection -> Content Spoofing)
P5 - Not Operational or Intended Public Access (Broken Authentication and Session Management -> Weak Login Function)
P5 - Local Attack Vector (Broken Authentication and Session Management -> Session Fixation)
P5 - On Logout (Server-Side Only) (Broken Authentication and Session Management -> Failure to Invalidate Session)
P5 - Concurrent Sessions On Logout (Broken Authentication and Session Management -> Failure to Invalidate Session)
P5 - On Email Change (Broken Authentication and Session Management -> Failure to Invalidate Session)
P5 - Long Timeout (Broken Authentication and Session Management -> Failure to Invalidate Session)
P5 - Concurrent Logins (Broken Authentication and Session Management)
P5 - Full Path Disclosure (Sensitive Data Exposure -> Visible Detailed Error/Debug Page)
P5 - Descriptive Stack Trace (Sensitive Data Exposure -> Visible Detailed Error/Debug Page)
P5 - Disclosure of Known Public Information (Sensitive Data Exposure)
P5 - Trusted 3rd Party (Sensitive Data Exposure -> Token Leakage via Referer)
P5 - In the Background (Sensitive Data Exposure -> Sensitive Token in URL)
P5 - On Password Reset (Sensitive Data Exposure -> Sensitive Token in URL)
P5 - Non-Sensitive Token in URL (Sensitive Data Exposure)
P5 - Mixed Content (HTTPS Sourcing HTTP) (Sensitive Data Exposure)
P5 - OAuth Secret (Sensitive Data Exposure -> Sensitive Data Hardcoded)
P5 - File Paths (Sensitive Data Exposure -> Sensitive Data Hardcoded)
P5 - Internal IP Disclosure (Sensitive Data Exposure)
P5 - JSON Hijacking (Sensitive Data Exposure)
P5 - Self (Cross-Site Scripting (XSS) -> Stored)
P5 - Self (Cross-Site Scripting (XSS) -> Reflected)
P5 - Cookie-Based (Cross-Site Scripting (XSS))
P5 - XSS Filter Disabled (Cross-Site Scripting (XSS) -> IE-Only)
P5 - Older Version (< IE11) (Cross-Site Scripting (XSS) -> IE-Only)
P5 - TRACE Method (Cross-Site Scripting (XSS))
P5 - DNS Query Only (Broken Access Control (BAC) -> Server-Side Request Forgery (SSRF))
P5 - Logout (Cross-Site Request Forgery (CSRF) -> Action-Specific)
P5 - CSRF Token Not Unique Per Request (Cross-Site Request Forgery (CSRF))
P5 - Malformed Android Intents (Application-Level Denial-of-Service (DoS) -> App Crash)
P5 - Malformed iOS URL Schemes (Application-Level Denial-of-Service (DoS) -> App Crash)
P5 - POST-Based (Unvalidated Redirects and Forwards -> Open Redirect)
P5 - Header-Based (Unvalidated Redirects and Forwards -> Open Redirect)
P5 - Flash-Based (Unvalidated Redirects and Forwards -> Open Redirect)
P5 - Tabnabbing (Unvalidated Redirects and Forwards)
P5 - Lack of Security Speed Bump Page (Unvalidated Redirects and Forwards)
P5 - Plaintext Password Field (External Behavior -> Browser Feature)
P5 - Save Password (External Behavior -> Browser Feature)
P5 - Autocomplete Enabled (External Behavior -> Browser Feature)
P5 - Autocorrect Enabled (External Behavior -> Browser Feature)
P5 - Aggressive Offline Caching (External Behavior -> Browser Feature)
P5 - CSV Injection (External Behavior)
P5 - Crowdsourcing (External Behavior -> Captcha Bypass)
P5 - Shared Links (External Behavior -> System Clipboard Leak)
P5 - User Password Persisted in Memory (External Behavior)
P5 - Weak Password Policy (Insufficient Security Configurability)
P5 - Token is Not Invalidated After Email Change (Insufficient Security Configurability -> Weak Password Reset Implementation)
P5 - Token is Not Invalidated After Password Change (Insufficient Security Configurability -> Weak Password Reset Implementation)
P5 - Token Has Long Timed Expiry (Insufficient Security Configurability -> Weak Password Reset Implementation)
P5 - Token is Not Invalidated After New Token is Requested (Insufficient Security Configurability -> Weak Password Reset Implementation)
P5 - Token is Not Invalidated After Login (Insufficient Security Configurability -> Weak Password Reset Implementation)
P5 - Lack of Verification Email (Insufficient Security Configurability)
P5 - Lack of Notification Email (Insufficient Security Configurability)
P5 - Allows Disposable Email Addresses (Insufficient Security Configurability -> Weak Registration Implementation)
P5 - Missing Failsafe (Insufficient Security Configurability -> Weak 2FA Implementation)
P5 - Outdated Software Version (Using Components with Known Vulnerabilities)
P5 - OCR (Optical Character Recognition) (Using Components with Known Vulnerabilities -> Captcha Bypass)
P5 - On Internal Storage (Insecure Data Storage -> Sensitive Application Data Stored Unencrypted)
P5 - Non-Sensitive Application Data Stored Unencrypted (Insecure Data Storage)
P5 - Screen Caching Enabled (Insecure Data Storage)
P5 - Lack of Exploit Mitigations (Lack of Binary Hardening)
P5 - Lack of Jailbreak Detection (Lack of Binary Hardening)
P5 - Lack of Obfuscation (Lack of Binary Hardening)
P5 - Runtime Instrumentation-Based (Lack of Binary Hardening)
P5 - Secure Integrity Check (Insecure Data Transport -> Executable Download)
P5 - Telnet Enabled (Network Security Misconfiguration)
P5 - Absent (Mobile Security Misconfiguration -> SSL Certificate Pinning)
P5 - Defeatable (Mobile Security Misconfiguration -> SSL Certificate Pinning)
P5 - Tapjacking (Mobile Security Misconfiguration)
P5 - On Non-Sensitive Content (Mobile Security Misconfiguration -> Clipboard Enabled)
P5 - Non-Default Folder Privilege Escalation (Client-Side Injection -> Binary Planting)
P5 - No Privilege Escalation (Client-Side Injection -> Binary Planting)
P5 - Roll Jam (Automotive Security Misconfiguration -> RF Hub)
P5 - Replay (Automotive Security Misconfiguration -> RF Hub)
P5 - Relay (Automotive Security Misconfiguration -> RF Hub)

RULES

CONFIDENTIALITY:

Confidentiality matters. Never share the vulnerability with others, either before or after you send us the report. Vulnerabilities that are not kept confidential are not rewarded.

Submission Requirements:
E-mail template for submissions. Incomplete reports that lack detail are not evaluated and receive no reply.

Subject: "Bug Report: Px"

E-mail:
Hello, I have found a bug in your [System/Site/IP] system and am reporting it under the reward program.
Bug Priority: Px
Bug Type: [bug name from the list on this page]
[Please give us detailed information here for identification and verification; you must describe, step by step and exactly as you performed them, the actions we need to take in order to see the vulnerability ourselves]
Attachments: [You may attach documents such as video, images, pcap, txt, exe, pdf; these may be before/after screenshots, steps, header, request and response data]
My Full Name:
Member Username:
Member E-mail Address:
My GSM Number:
Country/City:
Payment Account: [IBAN or PayPal account]
Nickname to Display in the Thank-You Post on the Site: [Will be published on our site's bug report page; leave blank if you do not want it published]
Regards.

SECURITY EXPERTS WHO HAVE SUPPORTED US

Support Center: Yöncü Bilişim Çözümleri Ltd. Şti.
Tel: +90 (216) 99 000 99 - Fax: +90 (216) 344 18 90
Copyright © 2001 - 2025
Yöncü Bilişim Çözümleri is an OSBIL brand
Osbil Technology Ltd. - Free Port Zone
S.L.B.T. 447, No:435 Gazimağusa, TRNC