Content is hidden
Broken Authentication and Session Management
Lack of Security Headers
Insecure Authorization
Failure to Invalidate Session
Plaintext Password Field
Business Logic Errors
Unsecure Design
Cross-Site Request Forgery (CSRF)
Lack of Rate Limiting Protections (i.e. CAPTCHA)