overflow, Heap Overflow, integer overflow, buffer underflow, off-by-one, memory leak, use after free, double free, race conditions (TOCTOU), lack of ASLR, lack of DEP, lack of stack cookie, lack of RELRO, lack of certificate pinning, lack of signature check, RCE, IDOR, RFI, LFI, SSO, CSRF, SSRF, SSTI, XEE, ReDoS, NoSQLi, SQLi, blind SQLi, XSS, blind XSS, DOM XSS, Open Redirect, Path traversal, Insecure deserialization, LDAP injection, HQL injection, HTTP parameter pollution, improper permissions, uncontrolled upload, uncontrolled resource consumption, CSV injection, graph injection, Denial of service, weak cryptography, lack of salt, lack of secret key, lack of anti-tampering, lack of root detection, lack of seccomp/pledge, lack of rate limiting, lack of resource anti-robot, lack of HTTP header hardening, lack of anti-hooking, misconfiguration, Uncontrolled Search Path Element, information leak, hardcoded credentials, tempest attack...

Antonio Costa (github.com/CoolerVoid)
Strange security mitigations
Apr. 17, 2022