Attack
Abuse of Functionality (7)
Abuse of Functionality, Absolute Path Traversal, Account
lockout attack, Cache Poisoning, Cross-User Defacement,
Mobile code: non-final public field, Mobile code: object hijack

Data Structure Attacks (4)
Data Structure Attacks, Buffer Overflow via Environment
Variables, Buffer overflow attack, Integer Overflows/Underflows,
Overflow Binary Resource File

Exploitation of Authentication (3)
Exploitation of Authentication, XSRF CSRF, Cross-Site Request
Forgery, One Click Attack

Injection (18)
SQL Injection, Alternate XSS Syntax, Argument Injection or
Modification, Blind SQL Injection, Blind XPath Injection,
Code Injection, Command Injection, Cross Frame Scripting,
Cross-site-scripting, Direct Static Code Injection, Format
string attack, Full Path Disclosure, LDAP injection,
Parameter Delimiter, Server-Side Includes (SSI) Injection,
Special Element Injection, Web parameter Tampering, XPATH
Injection, XSS in error pages

Malicious Code Attack (1)
Malicious Code Attack, Logic/time bomb, Replicating (virus),
Trojan Horse

Path Traversal Attack (1)
This category of attacks exploits various path vulnerabilities
to access files or directories that are not intended to be
accessed.

Probabilistic Techniques (2)
Probabilistic Techniques, Brute force attack, Cryptanalysis

Protocol Manipulation (3)
Protocol Manipulation, HTTP Request Smuggling, HTTP Response
Splitting, Traffic flood

Resource Depletion (1)
Resource Depletion, Asymmetric resource consumption
(amplification)

Resource Manipulation (12)
Absolute Path Traversal, Comment Element, Custom Special
Character Injection, Direct Dynamic Code Evaluation ('Eval
Injection'), Double Encoding, Forced browsing, Path
Traversal, Relative Path Traversal, Repudiation Attack,
Setting Manipulation, Spyware, Unicode Encoding

Sniffing Attacks (1)
Sniffing Attacks, Network Eavesdropping

Spoofing (1)
Spoofing attack