Seems to be a comprehensible list.<p>> <i>[5] 76.9 CWE-306 Missing Authentication for Critical Function</i><p>> <i>[6] 76.8 CWE-862 Missing Authorization</i><p>Take a look at the sprawling REST articles and postings on the internet. How many of them even address authorization and authentication?