♀️ *Cross-Site Scripting (XSS)* – The goal of this threat could be to inject code that can be executed on the client-side browser.
♀️ *XML External Entities (XXE)* – The goal of this threat can be the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
♀️ *SQL Injection* – The goal of this threat could be to bypass login algorithms, sabotage the data, etc.
♀️ *Sensitive data exposure* – The goal of this threat is to expose data of any kind, from passwords, session tokens and credit card data to private health data and more.
♀️ *Defacement* – The goal of this threat is to modify the page being displayed on a website and to redirect all page requests to a single page that contains the attacker’s message.
♀️ *Session Hijacking* – The goal of this attack is to compromise the session token, by stealing or predicting a valid session token, in order to gain unauthorized access to the web server.
♀️ *Session Fixation* – The goal of this attack is to hijack a valid user session. The attack exploits a limitation in the way the web application manages the session ID, more specifically the vulnerable web application
♀️ *Cross-Site Request Forgery (CSRF)* – The goal of this attack is to force an end user to execute unwanted actions on a web application in which they’re currently authenticated. If the victim is an administrative account, CSRF can compromise the entire web application.
♀️ *Cookie/Session Poisoning* – The goal of this threat is to modify cookies/session data by an attacker to gain unauthorized access.
♀️ *Broken Authentication* – The goal of this attack is to enable automated attacks such as credential stuffing, where the attacker has a list of valid usernames and passwords.
♀️ *Form Tampering* – The goal of this threat is to modify form data such as prices in e-commerce applications so that the attacker can get items at reduced prices.
♀️ *Code Injection* – The goal of this threat is to inject code such as PHP, Python, etc. that can be executed on the server. The code can install backdoors, reveal sensitive information, etc.
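The Session Fixation item above describes an application that keeps using whatever session ID the client arrived with. The following is an added example, not code from the original post: a constructed in-memory session store with a fixation-prone login beside a hardened one that rotates the session ID on authentication, so a pre-planted ID never becomes an authenticated session. Function names and the store layout are assumptions for illustration.

```python
import secrets

# Constructed in-memory session store: session_id -> session data.
# Illustrative only; not the session handling of any real framework.

def new_session(store):
    """Issue a fresh, unpredictable session ID for an anonymous visitor."""
    sid = secrets.token_urlsafe(32)
    store[sid] = {"user": None}
    return sid

def fixation_prone_login(store, sid, user):
    """Authenticates in place: the session ID the client presented is kept,
    and even an ID the server never issued is accepted. Whoever planted that
    ID in the victim's browser now holds an authenticated session."""
    if sid not in store:
        store[sid] = {"user": None}   # defect: trusts a client-supplied ID
    store[sid]["user"] = user
    return sid

def hardened_login(store, sid, user):
    """Rotates the session ID on privilege change: the pre-login ID is
    invalidated and a new one, known only to this client, carries the login."""
    store.pop(sid, None)
    new_sid = secrets.token_urlsafe(32)
    store[new_sid] = {"user": user}
    return new_sid

def whoami(store, sid):
    """What the server believes about the holder of this session ID."""
    return store.get(sid, {}).get("user")

def demo(login):
    """Simulate a fixation attempt against the given login function and
    report what the planted ID is worth afterwards."""
    store = {}
    planted = new_session(store)                 # ID obtained before login
    victim_sid = login(store, planted, "alice")  # victim logs in with it
    return {
        "planted_id_user": whoami(store, planted),
        "id_rotated": victim_sid != planted,
    }
```

Running `demo(fixation_prone_login)` shows the planted ID now maps to "alice", while `demo(hardened_login)` shows it maps to nothing and the victim received a new ID.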