Las diez principales debilidades de seguridad de una computadora en red [cerrado]

Sólo se me ocurrieron 5 hasta ahora.

Aquí está mi lista en ningún orden en particular:

1. Configuración errónea de seguridad ( Top 10 de OWASP )

Good security requires having a secure configuration defined and deployed for the 
application, frameworks, application server, web server, database server, and platform. 
All these settings should be defined, implemented, and maintained as many are not 
shipped with secure defaults. This includes keeping all software up to date, including 
all code libraries used by the application.

2. Protección de la capa de transporte insuficiente ( Top 10 de OWASP )

Applications frequently fail to authenticate, encrypt, and protect the confidentiality 
and integrity of sensitive network traffic. When they do, they sometimes support weak 
algorithms, use expired or invalid certificates, or do not use them correctly.

This allows for packet sniffing.

3. Zero day exploits in software

Networked machines usually provide some kind of service, whether it be a SQL server, 
webserver or FTP server. Vulnerabilities in software will always be a threat as software 
never be developed without security issues.

Vulnerabilities that come under this is for example:
* SQL injection on a database
* XXS on a webserver
* Buffer overflow attacks on an application
* Format string attacks
* ...

4. Hijacking / Spoofing / Session replay

If a middleman is in some way able to observe the traffic between two nodes on a network 
he may try to capture the traffic, modify it and appear as the sender. 

Techniques such as ARP Poisoning comes unde rthis category.

5. Denegación de servicio

Disruption of service by some kind of resource starvation on the victim. I.e packet 
flooding to consume all half-open TCP connections or consuming all bandwith on a 
webserver.