Best Practices for Mitigating Weaknesses

In addition to the 34 possible attacks, you read through 15 distinct weaknesses for a website. The 15 are mostly deficiencies in authorization, data handling, or configuration settings. Just as you follow best practices for mitigating attacks, you must practice due diligence for mitigating weaknesses. Awareness of these vulnerabilities is key. If an administrator is not concerned about sufficient privileges, then weaknesses get introduced. If a developer is not attentive to secure coding practices, weaknesses get introduced. In all cases where weaknesses are introduced, attackers potentially benefit. It is only a matter of time until they discover a weakness.