Abuse of Functionality, Absolute Path Traversal, Account lockout attack, Cache Poisoning, Cross-User Defacement, Web applications attack M cont. * Mobile code: non-final public field * Mobile code: object hijack

Data Structure Attacks, Buffer Overflow via Environment Variables, Buffer overflow attack, Integer Overflows/Underflows, Overflow Binary Resource File

Exploitation of Authentication, XSRF CSRF, Cross-Site Request Forgery, One Click Attack

SQL Injection, Alternate XSS Syntax, Argument Injection or Modification, Blind SQL Injection, Blind XPath Injection, Code Injection, Command Injection, Cross Frame Scripting, Cross-site-scripting, Direct Static Code Injection, Format string attack,Full Path Disclosure, LDAP injection, Parameter Delimiter, Server-Side Includes (SSI) Injection, Special Element Injection, Web parameter Tampering, XPATH Injection, XSS in error pages

Malicious Code Attack, Logic/time bomb, Replicating (virus), Trojan Horse

his category of attacks exploit various path vulnerabilities to access files or directories that are not intended to be accessed.

Probabilistic Techniques, Brute force attack, Cryptanalysis

Protocol Manipulation, HTTP Request Smuggling, HTTP Response SplittingTraffic flood

Resource Depletion, Asymmetric resource consumption (amplification)

Absolute Path Traversal, Comment Element, Custom Special Character Injection, Direct Dynamic Code Evaluation ('Eval Injection'), Double Encoding, Forced browsing, Path Traversal, Relative Path Traversal, Repudiation Attack, Setting Manipulation, Spyware, Unicode Encoding

Sniffing Attacks, Network Eavesdropping

Spoofing attack