These findings are ranked from most Critical to Least. The list is not all inclusive and is more just a list of findings commonly seen on external pentests.
Insufficient Authentication Controls
Weak Password Policy
Insufficient Patching
Default Credentials
Insufficient Encryption
Information Disclosure
Username Enumeration
Default Web Pages
Open Mail Relays
IKE Aggressive Mode
Unexpected Perimeter Services
Insufficient Traffic Blocking
Undetected Malicious Activity
Historical Account Compromises
Last updated 2 years ago
