1. Erroneous Error Handling
2. SQL Injection
3. Parameters Tampering
4. Hidden Field Manipulation
5. Session Hijack
6. Cross Site Scripting
13. Weak SSL keys
14. 3rd Party Misconfiguration
15. Known Vulnerability
16. Cookie Poisoning
17. Cookie Theft
18. Data Store in Cache
7. Forceful Browsing
8. Buffer Overflow
9. Brute Force Authentication
10. HTML Comments
11. Default path traversal
12. Remote file execution
19. Backdoor & Debug Option
20. Stealth Command
21. Session Brute Force
22. Session Replay
23. Session Predictability
24. Banner Disclosure
25. More…