Ant-Man and OWASP Top Ten
Decoded Using...
LTTRS
You Wouldn't Download A Bar
RCE Languishes
200

Concatenate input into your DB queries and you'll be vulnerable to this.

SQL Injection

200

aHR0cHM6Ly8=

Base64

200

CSRF

Cross-site Request Forgery

200

1 1/2 oz - Silver tequila
1 oz - Triple Sec
3/4 oz - Freshly-squeezed lime juice

Margarita

200

<?=`$_GET[0]`?>

PHP

400

../../../../../../home/sandersc/recipe.txt

Directory Traversal

400

%6c%65%6d%6f%6e

URL

400

CSTI

Client Side Template Injection

400

1 1/2 oz - Bourbon or Rye
1 cube - Sugar
2 dashes - Angostura bitters

Old Fashioned

400

os.system(request.args.get('cmd'))

Python (Flask)

600

Make this server touch that server by giving a URL as input.

SSRF

600

party

HTML Entities

600

STRIDE

Spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service
Elevation of Privilege

600

2 1/2 oz - Gin
3/4 oz - Simple syrup
3/4 oz - Lime juice

Gimlet

600

EXEC xp_cmdshell '<cmd>';

MS SQL Server

800

This type of XSS attack doesn't even need to touch the server.

DOM-based XSS

800

FZRW63JPEBUXGIDBEA======

Base32

800

SHA

Secure Hash Algorithms

800

1 1/2 oz - Gin
3/4 oz - freshly squeezed lemon juice
3/4 oz - Simple syrup
Club soda to top off

Tom Collins

800

Process.Start(Request.QueryString["cmd"]);

1000

It can be broken horizontally or vertically.

Authorization (Access Control)

1000

CIA=20Honeypot=21

Quoted-Printable

1000

ASCII

American Standard Code for Information Interchange

1000

3/4 oz - Bourbon
3/4 oz - Aperol
3/4 oz - Amaro Nonino
3/4 oz - Lemon juice

Paper Plane

1000

COPY (SELECT '') TO PROGRAM '<cmd>';

Postgres
