Top Vulnerabilities List

What is the WhiteHat Top 40 Vulnerabilities list?

The WhiteHat Top 40 is the list of the 40 most common and prevalent vulnerabilities found in applications scanned by the WhiteHat Sentinel platform, using both static and dynamic analysis.

The vulnerabilities on this list occur most frequently and are often easy to exploit, allowing attackers to breach your applications, steal your data, and cause business and reputational damage.

WhiteHat Top 40 Vulnerabilities:

This list also includes the OWASP Top 10 vulnerabilities.

Cross Site Scripting

Information Leakage: Error Disclosure

Unpatched Library

Application Misconfiguration: Global Error Handling Disabled

SQL Injection

Application Misconfiguration: Debug

Path Traversal

UI Redressing: Clickjacking/Tapjacking

Missing Access Strategy

Cryptography: Insecure Digest

Denial of Service: ReadLine

Injection: HTTP Response Splitting

Insufficient Session Expiration

Insufficient Transport Layer Protection

URL Redirector Abuse

Unvalidated Automatic Library Activation

Information Leakage: Logging

Information Leakage: Session ID

OS Command Injection

Insufficient Authorization: HTTP Verb Tampering

Cryptography: Cipher Transformation Insecure

Information Leakage: SSN

Cryptography: Insecure Cipher

Cryptography: Improper Certificate Validation

Cryptography: Insecure Protocol

Injection: Remote Code Execution

Insufficient Authentication: Basic Authentication Usage

Cryptography: Provider Undefined

Binary Protection: Missing PT_DENY_ATTACH

Insecure Data Storage: Unencrypted SSN

Unsafe Code Usage

Cryptography: Insecure Cipher Mode

LDAP Injection

Directory Indexing

Injection: HTTP Request Splitting

Insufficient Authorization: CORS Policy

Sensitive Data Location Precision

Denial of Service: ReadFile

Remote File Inclusion

Access Control: File Permissions


To learn more about these vulnerabilities, check out our application security terminology glossary.

Web application attacks represent the greatest threat to a business, so using dynamic analysis and static analysis in tandem is essential for effective application security. The best practice for avoiding application vulnerabilities is to avoid creating them in the first place: give developers secure coding training and monitor applications for security flaws while the code is being written.


OWASP Top 10 Vulnerabilities:

A1 - Injection

A2 - Broken Authentication and Session Management

A3 - Cross Site Scripting (XSS)

A4 - Insecure Direct Object References

A5 - Security Misconfiguration

A6 - Sensitive Data Exposure

A7 - Missing Function Level Access Control

A8 - Cross Site Request Forgery (CSRF)

A9 - Using Components with Known Vulnerabilities

A10 - Unvalidated Redirects and Forwards