- Weak Server Side Control
- Insecure Data Storage
- Insufficient Transport Layer Protection
- Unintended Data Leakage
- Insecure Authorization and Authentication
- Insufficient Cryptography
- Client Side Injection
- Security Decisions via Untrusted Inputs
- Improper Session Handling
- Lack of Binary Protection
- Improper Platform Usage
- Insecure Communication
- Code Tempering
- Reverse Engineering
- Extraneous Functionality