source: https://owasp.org/www-pdf-archive/OWASP_Top_10_-_2013.pdf