Websites could face big problems from seemingly small Web application vulnerabilities. Many of these bugs fly under the radar because they’re not considered severe. The media often focuses on zero-day and stack attacks, but the most credible threats against a business usually don’t come from cybercriminals writing their own bugs. User enumeration, a facilitator vulnerability, enables attackers to guess or confirm valid users on a system. Rate limiting is a problem that is “a very prevalent problem” among those who haven’t been in the industry a long time.”]
Source: https://www.darkreading.com/application-security/web-app-vulnerabilities-flying-under-your-radar