2. Broken Authentication and Session Management
3. Cross-Site Scripting (XSS)
4. Insecure Direct Object References
5. Security Misconfiguration
6. Sensitive Data Exposure
7. Missing Function Level Access Control
8. Cross-Site Request Forgery (CSRF)
9. Using Components with Known Vulnerabilities
10. Unvalidated Redirects and Forwards
Authentication and Authorization