Abuse of Functionality Brute Force Buffer Overflow Content Spoofing Credential/Session Prediction Cross-site Request Forgery Cross-site Scripting Denial of Service Directory Indexing Format String HTTP Response Splitting Information Leakage Insecure Indexing Insufficient Authentication Insufficient Authorization Insufficient Session Expiration Insufficient Transport Layer Protection Integer Overflows LDAP Injection Mail Command Injection Malicious Content Tests Null Byte Injection OS Commanding Path Traversal Predictable Resource Location Remote File Inclusion Server Misconfiguration Session Fixation SOAP Array Abuse SQL Injection SSI Injection URL Redirector Abuse XML Attribute Blowup XML Entity Expansion XML External Entities XML Injection XPath Injection