An overview of the most common vulnerabilities

DetectifyFeb 13, 2016

The internet is awesome, but it can also be a pretty dangerous place. This is why we at Detectify are always on the lookout for vulnerabilities! If you’d like to learn more about different vulnerability types and staying safe online, check out the articles on this list.

Common Vulnerabilities

Misconfigured email servers open the door to spoofed emails from top domains

Email authentication configurations are often lacking and leave domains vulnerable to spoofing. To establish how widespread this problem is, we have researched the SPF and DMARC records of the top 500 Alexa domains.

Cross-site Scripting (XSS)

Cross-site Scripting is a very common vulnerability that is easy to exploit. Check out our list of articles about Cross-site Scripting to read more about this vulnerability and learn how to protect your web application.

The basics of Local File Inclusions

In this blog post, we explain what Local File Inclusions are and how you can avoid them and make your code safer.

What is an SQL Injection and how do you fix it?

SQL injection flaws are very critical as they enable a remote attacker to gain access to the underlying database. In the worst case scenario, this allows the attacker to read, write and delete content in the database.

First Encounters Through the Eyes of Our Scanner

Read about how we scan for the most common vulnerabilities and what websites look like through the eyes of our scanner.

OWASP TOP 10

This blog series offers an insight into each of the 10 vulnerability types on OWASP’s list. We describe the vulnerabilities, the impact they can have, and highlight well-known examples of events involving them. Of course, we also explain how to discover these vulnerabilities, providing code examples and helpful remediation tips.

OWASP TOP 10: Injection (#1)

OWASP TOP 10: Broken Authentication and Session Management (#2)

OWASP TOP 10: Cross-site Scripting (#3)

OWASP TOP 10: Insecure Direct Object Reference (#4)

OWASP TOP 10: Security Misconfiguration (#5)

WordPress

With its large number of plugins and themes, WordPress is often subject to vulnerabilities.

WordPress Security

Curious about how you can make your WordPress site more secure? Go ahead and explore our articles on WordPress security to keep up to date with vulnerabilities and best practices.

Detectify

Complete External Attack Surface Management for AppSec and ProdSec teams.

Check out more content

Best Practices

EU Regulating InfoSec: How Detectify helps achieving NIS 2 and DORA compliance

**Disclaimer: The content of this blog post is for general information purposes only and is not legal advice. We are very passionate about cybersecurity rules and …

June 03, 2025

Best Practices

A practitioner’s guide to classifying every asset in your attack surface

TLDR: This article details methods and tools (from DNS records and IP addresses to HTTP analysis and HTML content) that practitioners can use to classify …

May 13, 2025

Best Practices

DNS is the center of the modern attack surface – are you protecting all levels?

If you are a mature organization, you might manage an external IP block of 65,000 IP addresses (equivalent to a /16 network). In contrast, very …

March 18, 2025

Best Practices

Making security a business value enabler, not a gatekeeper

The traditional perception of security within an organization is as a barrier rather than a facilitator, imposing approval processes and regulations that inevitably slow down …

February 25, 2025