The vulnerabilities found during the audit are typically classified into different categories, which helps in understanding the nature of each vulnerability, its potential impact and severity, the project components or functionality it affects, and its exploit scenarios. Trail of Bits, for example, uses the classification below:

  1. Access Controls: Related to authorization of users and assessment of rights
  2. Auditing and Logging: Related to auditing of actions or logging of problems
  3. Authentication: Related to the identification of users
  4. Configuration: Related to security configurations of servers, devices or software
  5. Cryptography: Related to protecting the privacy or integrity of data
  6. Data Exposure: Related to unintended exposure of sensitive information
  7. Data Validation: Related to improper reliance on the structure or values of data
  8. Denial of Service: Related to causing system failure
  9. Error Reporting: Related to the reporting of error conditions in a secure fashion
  10. Patching: Related to keeping software up to date
  11. Session Management: Related to the identification of authenticated users
  12. Timing: Related to race conditions, locking or order of operations
  13. Undefined Behavior: Related to undefined behavior triggered by the program