DevNet Associate DEVASC 200-901 Official Certification Guide by Adrian Iliesiu (z-lib.org)


OWASP has defined a list of security risks called the
OWASP Top 10, which can be found at
https://owasp.org/www-project-top-ten/.


This is the current OWASP Top 10 list:


1. Injection
2. Broken authentication
3. Sensitive data exposure
4. XML external entities
5. Broken access control
6. Security misconfiguration
7. Cross-site scripting
8. Insecure deserialization
9. Using components with known vulnerabilities
10. Insufficient logging and monitoring

The CVE (which stands for Common Vulnerabilities and
Exposures) is a list of publicly disclosed computer
security vulnerabilities. When someone refers to a CVE,
he or she usually means the CVE ID number assigned to
a security defect. Security advisories issued by vendors
and researchers almost always mention at least one CVE
ID. CVEs help IT professionals coordinate their efforts to
prioritize and address these vulnerabilities to make
computer systems more secure. CVEs are supervised by
the MITRE Corporation, with funding from the
Cybersecurity and Infrastructure Security Agency, part of
the U.S. Department of Homeland Security. A CVE
record usually provides a short one-line description.
Details are usually available on sites such as the U.S.
National Vulnerability Database (NVD;
https://nvd.nist.gov/) and the CERT/CC Vulnerability
Notes Database (https://www.kb.cert.org/vuls/), as well
as the sites of prominent vendors in the industry.
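Since advisories almost always cite CVE IDs, a common first step in prioritizing is to pull those IDs out of the advisory text and normalize them. The following is an added example, not code from the book: it extracts, validates and de-duplicates CVE IDs from a constructed advisory and groups them by year. The ID syntax it checks (CVE-YYYY-NNNN with at least four sequence digits, no leading zeros once the sequence exceeds four digits) is not stated on the page but is the published CVE ID format.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Published CVE ID format: "CVE-" + four-digit year + sequence number of at
# least four digits (longer sequences carry no leading zeros). Advisories are
# inconsistent about capitalisation, so matching is case-insensitive.
CVE_ID_RE = re.compile(r"\bcve-(\d{4})-(\d{4,})\b", re.IGNORECASE)


def normalize_cve_id(raw: str) -> Optional[str]:
    """Return the canonical upper-case CVE ID, or None if it is malformed."""
    m = CVE_ID_RE.fullmatch(raw.strip())
    if not m:
        return None
    year, seq = m.groups()
    if int(year) < 1999:                 # the CVE program began in 1999
        return None
    if len(seq) > 4 and seq.startswith("0"):  # 5+ digit sequences never start with 0
        return None
    return f"CVE-{year}-{seq}"


def extract_cve_ids(text: str) -> List[str]:
    """Distinct, normalized CVE IDs in order of first appearance; malformed IDs are dropped."""
    seen: Dict[str, None] = {}
    for m in CVE_ID_RE.finditer(text):
        cid = normalize_cve_id(m.group(0))
        if cid is not None:
            seen.setdefault(cid, None)
    return list(seen)


def group_by_year(ids: List[str]) -> Dict[str, List[str]]:
    """Bucket normalized CVE IDs by the year component, e.g. for triage reports."""
    by_year: Dict[str, List[str]] = defaultdict(list)
    for cid in ids:
        by_year[cid.split("-")[1]].append(cid)
    return dict(by_year)


# Constructed sample advisory; the IDs below are placeholders, not real CVE records.
SAMPLE_ADVISORY = (
    "Vendor advisory (constructed sample):\n"
    "This release fixes cve-2021-0001 and CVE-2021-0001 (repeated mention),\n"
    "as well as CVE-2020-12345. The token CVE-1998-1234 predates the program\n"
    "and CVE-2020-01234 is malformed; neither should be reported.\n"
)

if __name__ == "__main__":
    for year, ids in sorted(group_by_year(extract_cve_ids(SAMPLE_ADVISORY)).items()):
        print(year, ", ".join(ids))
```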


A CVE record consists of the following:


ID
Description