This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Category:Attack
This category is for tagging common types of application security attacks.
What is an attack?
Attacks are the techniques that attackers use to exploit the vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please try to be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application.
All attack articles should follow the Attack template.
Work to be done here includes
We're in the process of creating, organizing, and completing the attack articles. If you'd like to help, find some stub articles in this category and fill in the details.
Creating articles for the following topics:
- Brute Force: Is the analysis of remote server, checking characters password of the operating system (letters, numbers and symbol's) Brute_force_attack
- File location guessing (see Guessed or visible temporary file)
- URL Redirection
- ... make sure the attack is listed for each vulnerability
Note: many of the items marked vulnerabilities from CLASP and other places are really attacks. Some of the more obvious are:
Subcategories
This category has the following 13 subcategories, out of 13 total.
A
D
E
I
P
R
S
Pages in category "Attack"
The following 73 pages are in this category, out of 73 total.
B
C
- Cache Poisoning
- Cash Overflow
- Code Injection
- Command Injection
- Comment Injection Attack
- Content Security Policy
- Content Spoofing
- Cornucopia - Ecommerce Website Edition - Wiki Deck
- CORS OriginHeaderScrutiny
- CORS RequestPreflighScrutiny
- Credential stuffing
- Cross Frame Scripting
- Cross Site History Manipulation (XSHM)
- Cross Site Tracing
- Cross-Site Request Forgery (CSRF)
- Cross-site Scripting (XSS)
- Cross-User Defacement
- Cryptanalysis
- CSV Injection
- Custom Special Character Injection