Question:
Within the OSSTMM, the five Limitation classifications are:
Vulnerability is the flaw or error that:
denies access to assets for authorized people or processes
allows for privileged access to assets to unauthorized people or processes
allows unauthorized people or processes to hide assets or themselves within the scope
Weakness is the flaw or error that disrupts, reduces, abuses, or nullifies specifically the effects of the five interactivity controls: authentication, indemnification, resilience, subjugation, and continuity.
Concern is the flaw or error that disrupts, reduces, abuses, or nullifies the effects of the flow or execution of the five process controls: non-repudiation, confidentiality, privacy, integrity, and alarm.
Exposure is an unjustifiable action, flaw, or error that provides direct or indirect visibility of targets or assets within the chosen scope channel.
Anomaly is any unidentifiable or unknown element that has not been controlled and cannot be accounted for in normal operations.
As the CISO, you were presented with a penetration testing report with the following results:
SQL injection in a web services application
A flaw in the web services application that allows an attacker to overwrite memory space in order to gain access (i.e., buffer overflow)
The bank is using weak encryption on its wireless access point within the facility.
The back door of the bank is propped open so employees who smoke can enter and exit for breaks.
The incident response plan is current, but it will be 2 years old in 6 weeks.
The bank's financial application allows unlimited unsuccessful login attempts.
Create a 1- to 2-page table that lists the issues identified in the penetration test, the classification according to OSSTMM, and in which of the five channels (human, physical, wireless, telecommunications, data networks) the issue occurred.
