CAPEC-2000: Comprehensive CAPEC Dictionary (Version 2.9)

CAPEC VIEW: Comprehensive CAPEC Dictionary

 
View ID: 2000
Structure: Implicit Slice
Status: Draft
View Objective

This view (slice) covers all the elements in CAPEC.

Relationships
Detailed Attack Pattern: Absolute Path Traversal - (597)
Category: Abuse Existing Functionality - (210)
Deprecated: Abuse of Transaction Data Structure - (257)
Standard Attack Pattern: Accessing Functionality Not Properly Constrained by ACLs - (1)
Standard Attack Pattern: Accessing, Modifying or Executing Executable Files - (17)
Detailed Attack Pattern: Accessing/Intercepting/Modifying HTTP Cookies - (31)
Detailed Attack Pattern: Account Footprinting - (575)
Meta Attack Pattern: Action Spoofing - (173)
Standard Attack Pattern: Active OS Fingerprinting - (312)
Detailed Attack Pattern: Activity Hijack - (501)
Detailed Attack Pattern: Add Malicious File to Shared Webroot - (563)
Detailed Attack Pattern: AJAX Fingerprinting - (85)
Deprecated: Alter System Components - (526)
Detailed Attack Pattern: Altered Installed BIOS - (532)
Standard Attack Pattern: Amplification - (490)
Detailed Attack Pattern: Analysis of Packet Timing and Sizes - (621)
Deprecated: Analyze Target - (281)
Meta Attack Pattern: API Manipulation - (113)
Standard Attack Pattern: Application API Button Hijacking - (388)
Meta Attack Pattern: Application API Message Manipulation via Man-in-the-Middle - (384)
Standard Attack Pattern: Application API Navigation Remapping - (386)
Standard Attack Pattern: Application Fingerprinting - (541)
Standard Attack Pattern: Application Footprinting - (580)
Standard Attack Pattern: Argument Injection - (6)
Detailed Attack Pattern: Artificially Inflate File Sizes - (572)
Detailed Attack Pattern: ASIC With Malicious Functionality - (539)
Standard Attack Pattern: Audit Log Manipulation - (268)
Meta Attack Pattern: Authentication Abuse - (114)
Meta Attack Pattern: Authentication Bypass - (115)
Detailed Attack Pattern: BitSquatting - (611)
Standard Attack Pattern: Black Box Reverse Engineering - (189)
Detailed Attack Pattern: Blind SQL Injection - (7)
Detailed Attack Pattern: Block Access to Libraries - (96)
Standard Attack Pattern: Block Logging to Central Repository - (571)
Standard Attack Pattern: Blockage - (603)
Detailed Attack Pattern: Blue Boxing - (5)
Detailed Attack Pattern: Browser Fingerprinting - (472)
Meta Attack Pattern: Brute Force - (112)
Meta Attack Pattern: Buffer Manipulation - (123)
Detailed Attack Pattern: Buffer Overflow in an API Call - (8)
Detailed Attack Pattern: Buffer Overflow in Local Command-Line Utilities - (9)
Detailed Attack Pattern: Buffer Overflow via Environment Variables - (10)
Detailed Attack Pattern: Buffer Overflow via Parameter Expansion - (47)
Detailed Attack Pattern: Buffer Overflow via Symbolic Links - (45)
Detailed Attack Pattern: Bypassing ATA Password Security - (402)
Standard Attack Pattern: Bypassing Card or Badge-Based Systems - (396)
Standard Attack Pattern: Bypassing Electronic Locks and Access Controls - (395)
Standard Attack Pattern: Bypassing of Intermediate Forms in Multiple-Form Sets - (140)
Meta Attack Pattern: Bypassing Physical Locks - (391)
Meta Attack Pattern: Bypassing Physical Security - (390)
Standard Attack Pattern: Cache Poisoning - (141)
Standard Attack Pattern: Calling Micro-Services Directly - (179)
Standard Attack Pattern: Calling Signed Code From Another Language Within A Sandbox Allow This - (237)
Detailed Attack Pattern: Capture Credentials via Keylogger - (568)
Detailed Attack Pattern: Carry-Off GPS Attack - (628)
Detailed Attack Pattern: Catching exception throw/signal from privileged block - (236)
Standard Attack Pattern: Cause Web Server Misclassification - (11)
Detailed Attack Pattern: Cellular Broadcast Message Request - (618)
Detailed Attack Pattern: Cellular Data Injection - (610)
Detailed Attack Pattern: Cellular Jamming - (605)
Detailed Attack Pattern: Cellular Rogue Base Station - (617)
Detailed Attack Pattern: Cellular Traffic Intercept - (609)
Detailed Attack Pattern: Checksum Spoofing - (145)
Standard Attack Pattern: Choosing Message Identifier - (12)
Standard Attack Pattern: Clickjacking - (103)
Standard Attack Pattern: Client-Server Protocol Manipulation - (220)
Detailed Attack Pattern: Client-side Injection-induced Buffer Overflow - (14)
Standard Attack Pattern: Cloning Magnetic Strip Cards - (397)
Standard Attack Pattern: Cloning RFID Cards or Chips - (399)
Meta Attack Pattern: Code Inclusion - (175)
Deprecated: Code Injection - (241)
Meta Attack Pattern: Code Injection - (242)
Category: Collect and Analyze Information - (118)
Standard Attack Pattern: Collect Data as Provided by Users - (569)
Standard Attack Pattern: Collect Data from Common Resource Locations - (150)
Standard Attack Pattern: Command Delimiters - (15)
Meta Attack Pattern: Command Injection - (248)
Detailed Attack Pattern: Command Line Execution through SQL Injection - (108)
Meta Attack Pattern: Communication Channel Manipulation - (216)
Category: Communications - (512)
View: Comprehensive CAPEC Dictionary - (2000)
Detailed Attack Pattern: Compromising Emanations Attack - (623)
Meta Attack Pattern: Configuration/Environment Manipulation - (176)
Standard Attack Pattern: Connection Reset - (595)
Meta Attack Pattern: Contaminate Resource - (548)
Meta Attack Pattern: Content Spoofing - (148)
Standard Attack Pattern: Content Spoofing Via Application API Manipulation - (389)
Detailed Attack Pattern: Counterfeit GPS Signals - (627)
Detailed Attack Pattern: Counterfeit Hardware Component Inserted During Product Assembly - (520)
Detailed Attack Pattern: Counterfeit Organizations - (544)
Detailed Attack Pattern: Counterfeit Websites - (543)
Standard Attack Pattern: Create files with the same name as files protected with a higher classification - (177)
Standard Attack Pattern: Create Malicious Client - (202)
Detailed Attack Pattern: Creating a Rogue Certificate Authority Certificate - (459)
Detailed Attack Pattern: Cross Site Identification - (467)
Standard Attack Pattern: Cross Site Request Forgery - (62)
Standard Attack Pattern: Cross Site Scripting through Log Files - (106)
Standard Attack Pattern: Cross Site Tracing - (107)
Standard Attack Pattern: Cross Zone Scripting - (104)
Detailed Attack Pattern: Cross-Domain Search Timing - (462)
Detailed Attack Pattern: Cross-Site Flashing - (178)
Detailed Attack Pattern: Cross-Site Scripting in Attributes - (243)
Standard Attack Pattern: Cross-Site Scripting in Error Pages - (198)
Standard Attack Pattern: Cross-Site Scripting Using Alternate Syntax - (199)
Detailed Attack Pattern: Cross-Site Scripting Using Doubled Characters, e.g. %3C%3Cscript - (245)
Detailed Attack Pattern: Cross-Site Scripting Using Flash - (246)
Standard Attack Pattern: Cross-Site Scripting Using MIME Type Mismatch - (209)
Standard Attack Pattern: Cross-Site Scripting via Encoded URI Schemes - (244)
Detailed Attack Pattern: Cross-Site Scripting with Masking through Invalid Characters in Identifiers - (247)
Standard Attack Pattern: Cryptanalysis - (97)
Detailed Attack Pattern: Cryptanalysis of Cellular Encryption - (608)
Detailed Attack Pattern: Data Injected During Configuration - (536)
Standard Attack Pattern: Data Interchange Protocol Manipulation - (277)
Deprecated: Degradation - (602)
Deprecated: Deplete Resources - (119)
View: Deprecated Entries - (483)
Deprecated: DEPRECATED: Directory Traversal - (213)
Deprecated: DEPRECATED: ICMP Echo Request Ping - (288)
Deprecated: DEPRECATED: Infrastructure-based footprinting - (289)
Deprecated: DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update - (258)
Deprecated: DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution - (260)
Deprecated: DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching - (259)
Deprecated: DEPRECATED: Pretexting - (411)
Deprecated: DEPRECATED: Registry Manipulation - (269)
Deprecated: DEPRECATED: WASC Threat Classification 2.0 - WASC-01 - Insufficient Authentication - (334)
Deprecated: DEPRECATED: WASC Threat Classification 2.0 - WASC-02 - Insufficient Authorization - (335)
Deprecated: DEPRECATED: WASC Threat Classification 2.0 - WASC-04 - Insufficient Transport Layer Protection - (337)
Deprecated: DEPRECATED: WASC Threat Classification 2.0 - WASC-13 - Information Leakage - (346)
Deprecated: DEPRECATED: WASC Threat Classification 2.0 - WASC-14 - Server Misconfiguration - (347)
Deprecated: DEPRECATED: WASC Threat Classification 2.0 - WASC-15 - Application Misconfiguration - (348)
Deprecated: DEPRECATED: WASC Threat Classification 2.0 - WASC-16 - Directory Indexing - (349)
Deprecated: DEPRECATED: WASC Threat Classification 2.0 - WASC-17 - Improper Filesystem Permissions - (350)
Deprecated: DEPRECATED: WASC Threat Classification 2.0 - WASC-20 - Improper Input Handling - (353)
Deprecated: DEPRECATED: WASC Threat Classification 2.0 - WASC-21 - Insufficient Anti-automation - (354)
Deprecated: DEPRECATED: WASC Threat Classification 2.0 - WASC-22 - Improper Output Handling - (355)
Deprecated: DEPRECATED: WASC Threat Classification 2.0 - WASC-40 - Insufficient Process Validation - (373)
Deprecated: DEPRECATED: WASC Threat Classification 2.0 - WASC-47 - Insufficient Session Expiration - (380)
Deprecated: DEPRECATED: WASC Threat Classification 2.0 - WASC-48 - Insecure Indexing - (381)
Deprecated: DEPRECATED: WASC Threat Classification 2.0 - WASC-49 - Insufficient Password Recovery - (382)
Standard Attack Pattern: Design Alteration - (447)
View: Detailed Abstractions - (284)
Detailed Attack Pattern: Detect Unpublicized Web Pages - (143)
Detailed Attack Pattern: Detect Unpublicized Web Services - (144)
Standard Attack Pattern: Development Alteration - (444)
Detailed Attack Pattern: Dictionary-based Password Attack - (16)
Detailed Attack Pattern: Directory Indexing - (127)
Standard Attack Pattern: Disable Security Software - (578)
Detailed Attack Pattern: DLL Search Order Hijacking - (471)
Detailed Attack Pattern: DNS Cache Poisoning - (142)
Standard Attack Pattern: DNS Rebinding - (275)
Detailed Attack Pattern: DNS Spoofing - (598)
Detailed Attack Pattern: DNS Zone Transfers - (291)
Detailed Attack Pattern: Documentation Alteration to Cause Errors in System Design - (519)
Detailed Attack Pattern: Documentation Alteration to Circumvent Dial-down - (517)
Detailed Attack Pattern: Documentation Alteration to Produce Under-performing Systems - (518)
View: Domains of Attack - (3000)
Detailed Attack Pattern: Double Encoding - (120)
Standard Attack Pattern: Drop Encryption Level - (620)
Detailed Attack Pattern: DTD Injection - (228)
Deprecated: DTD Injection in a SOAP Message - (254)
Detailed Attack Pattern: Dump Password Hashes - (566)
Detailed Attack Pattern: Electromagnetic Side-Channel Attack - (622)
Standard Attack Pattern: Email Injection - (134)
Detailed Attack Pattern: Embedding NULL Bytes - (52)
Detailed Attack Pattern: Embedding Script (XSS) in HTTP Headers - (86)
Detailed Attack Pattern: Embedding Scripts in HTTP Query Strings - (32)
Standard Attack Pattern: Embedding Scripts in Non-Script Elements - (18)
Standard Attack Pattern: Embedding Scripts within Scripts - (19)
Category: Employ Probabilistic Techniques - (223)
Standard Attack Pattern: Encryption Brute Forcing - (20)
Category: Engage in Deceptive Interactions - (156)
Detailed Attack Pattern: Enumerate Mail Exchange (MX) Records - (290)
Deprecated: Environment Variable Manipulation - (264)
Standard Attack Pattern: Evercookie - (464)
Detailed Attack Pattern: Evil Twin Wi-Fi Attack - (615)
Meta Attack Pattern: Excavation - (116)
Meta Attack Pattern: Excessive Allocation - (130)
Deprecated: Execute Code - (525)
Detailed Attack Pattern: Expanding Control over the Operating System from the Database - (470)
Standard Attack Pattern: Exploit Script-Based APIs - (160)
Standard Attack Pattern: Exploit Test APIs - (121)
Deprecated: Exploitation of Authorization - (232)
Meta Attack Pattern: Exploitation of Trusted Credentials - (21)
Standard Attack Pattern: Exploiting Incorrectly Configured Access Control Security Levels - (180)
Standard Attack Pattern: Exploiting Incorrectly Configured SSL - (217)
Detailed Attack Pattern: Exploiting Multiple Input Interpretation Layers - (43)
Meta Attack Pattern: Exploiting Trust in Client - (22)
Detailed Attack Pattern: Explore for Predictable Temporary File Names - (149)
Standard Attack Pattern: Fake the Source of Data - (194)
Meta Attack Pattern: Fault Injection - (624)
Standard Attack Pattern: File Content Injection - (23)
Meta Attack Pattern: File Manipulation - (165)
Detailed Attack Pattern: Filter Failure through Buffer Overflow - (24)
Meta Attack Pattern: Fingerprinting - (224)
Detailed Attack Pattern: Flash File Overlay - (181)
Standard Attack Pattern: Flash Injection - (182)
Detailed Attack Pattern: Flash Memory Attacks - (458)
Standard Attack Pattern: Flash Parameter Injection - (174)
Meta Attack Pattern: Flooding - (125)
Meta Attack Pattern: Footprinting - (169)
Detailed Attack Pattern: Force the System to Reset Values - (166)
Standard Attack Pattern: Force Use of Corrupted Files - (263)
Meta Attack Pattern: Forced Deadlock - (25)
Detailed Attack Pattern: Forced Integer Overflow - (92)
Standard Attack Pattern: Forceful Browsing - (87)
Standard Attack Pattern: Format String Injection - (135)
Meta Attack Pattern: Functionality Bypass - (554)
Meta Attack Pattern: Functionality Misuse - (212)
Meta Attack Pattern: Fuzzing - (28)
Detailed Attack Pattern: Fuzzing and observing application log data/errors for application mapping - (215)
Detailed Attack Pattern: Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping - (214)
Detailed Attack Pattern: Fuzzing for garnering other adjacent user/sensitive data - (261)
Deprecated: Gain Physical Access - (436)
Standard Attack Pattern: Generic Cross-Browser Cross-Domain Theft - (468)
Deprecated: Global variable manipulation - (265)
Detailed Attack Pattern: Group Permission Footprinting - (576)
Standard Attack Pattern: Hacking Hardware - (401)
Category: Hardware - (515)
Detailed Attack Pattern: Hardware Component Substitution - (531)
Detailed Attack Pattern: Hardware Component Substitution During Baselining - (516)
Detailed Attack Pattern: Hardware Design Specifications Are Altered - (521)
Meta Attack Pattern: Hardware Integrity Attack - (440)
Detailed Attack Pattern: Harvesting Usernames or UserIDs via Application API Event Monitoring - (383)
Standard Attack Pattern: Hijacking a privileged process - (234)
Standard Attack Pattern: Hijacking a Privileged Thread of Execution - (30)
Standard Attack Pattern: Host Discovery - (292)
Standard Attack Pattern: HTTP DoS - (469)
Standard Attack Pattern: HTTP Flood - (488)
Detailed Attack Pattern: HTTP Parameter Pollution (HPP) - (460)
Detailed Attack Pattern: HTTP Request Smuggling - (33)
Standard Attack Pattern: HTTP Request Splitting - (105)
Detailed Attack Pattern: HTTP Response Smuggling - (273)
Detailed Attack Pattern: HTTP Response Splitting - (34)
Detailed Attack Pattern: HTTP Verb Tampering - (274)
Detailed Attack Pattern: ICMP Address Mask Request - (294)
Detailed Attack Pattern: ICMP Echo Request Ping - (285)
Detailed Attack Pattern: ICMP Error Message Echoing Integrity Probe - (330)
Detailed Attack Pattern: ICMP Error Message Quoting Probe - (329)
Standard Attack Pattern: ICMP Fingerprinting Probes - (316)
Standard Attack Pattern: ICMP Flood - (487)
Standard Attack Pattern: ICMP Fragmentation - (496)
Detailed Attack Pattern: ICMP Information Request - (296)
Detailed Attack Pattern: ICMP IP 'ID' Field Error Message Probe - (332)
Detailed Attack Pattern: ICMP IP Total Length Field Probe - (331)
Detailed Attack Pattern: ICMP Timestamp Request - (295)
Meta Attack Pattern: Identity Spoofing - (151)
Detailed Attack Pattern: iFrame Overlay - (222)
Standard Attack Pattern: IMAP/SMTP Command Injection - (183)
Detailed Attack Pattern: Implementing a callback to system routine (old AWT Queue) - (235)
Standard Attack Pattern: Inducing Account Lockout - (2)
Detailed Attack Pattern: Infiltration of Hardware Development Environment - (537)
Detailed Attack Pattern: Infiltration of Software Development Environment - (511)
Meta Attack Pattern: Information Elicitation via Social Engineering - (410)
Meta Attack Pattern: Information Gathering from Non-Traditional Sources - (409)
Meta Attack Pattern: Information Gathering from Traditional Sources - (408)
Meta Attack Pattern: Infrastructure Manipulation - (161)
Category: Inject Unexpected Items - (152)
Meta Attack Pattern: Input Data Manipulation - (153)
Detailed Attack Pattern: Install New Service - (550)
Detailed Attack Pattern: Install Rootkit - (552)
Standard Attack Pattern: Integer Attacks - (128)
Standard Attack Pattern: Intent Intercept - (499)
Standard Attack Pattern: Intent Spoof - (502)
Standard Attack Pattern: Inter-component Protocol Manipulation - (276)
Meta Attack Pattern: Interception - (117)
Detailed Attack Pattern: IP 'ID' Echoed Byte-Order Probe - (318)
Detailed Attack Pattern: IP (DF) 'Don't Fragment Bit' Echoing Probe - (319)
Standard Attack Pattern: IP Fingerprinting Probes - (314)
Detailed Attack Pattern: IP ID Sequencing Probe - (317)
Standard Attack Pattern: Jamming - (601)
Detailed Attack Pattern: JSON Hijacking (aka JavaScript Hijacking) - (111)
Standard Attack Pattern: LDAP Injection - (136)
Standard Attack Pattern: Leverage Alternate Encoding - (267)
Standard Attack Pattern: Leverage Executable Code in Non-Executable Files - (35)
Meta Attack Pattern: Leveraging Active Man in the Middle Attacks to Bypass Same Origin Policy - (466)
Meta Attack Pattern: Leveraging Race Conditions - (26)
Detailed Attack Pattern: Leveraging Race Conditions via Symbolic Links - (27)
Detailed Attack Pattern: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions - (29)
Deprecated: Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior - (211)
Detailed Attack Pattern: Leveraging/Manipulating Configuration File Search Paths - (38)
Deprecated: Lifting credential(s)/key material embedded in client distributions (thick or thin) - (205)
Detailed Attack Pattern: Lifting Sensitive Data Embedded in Cache - (204)
Standard Attack Pattern: Lifting signing key and signing malicious code from a production environment - (206)
Standard Attack Pattern: Linux Terminal Injection - (249)
Standard Attack Pattern: Local Code Inclusion - (251)
Meta Attack Pattern: Local Execution of Code - (549)
Meta Attack Pattern: Lock Bumping - (392)
Standard Attack Pattern: Lock Picking - (393)
Detailed Attack Pattern: Log Injection-Tampering-Forging - (93)
Standard Attack Pattern: Magnetic Strip Card Brute Force Attacks - (398)
Detailed Attack Pattern: Malicious Automated Software Update - (187)
Detailed Attack Pattern: Malicious Gray Market Hardware - (535)
Standard Attack Pattern: Malicious Hardware Component Replacement - (522)
Standard Attack Pattern: Malicious Hardware Update - (534)
Detailed Attack Pattern: Malicious Logic Inserted Into Product Software by Authorized Developer - (443)
Standard Attack Pattern: Malicious Logic Inserted Into To Product Software - (442)
Meta Attack Pattern: Malicious Logic Insertion - (441)
Standard Attack Pattern: Malicious Logic Insertion into Product Hardware - (452)
Standard Attack Pattern: Malicious Logic Insertion into Product Memory - (456)
Detailed Attack Pattern: Malicious Logic Insertion into Product Software via Configuration Management Manipulation - (445)
Detailed Attack Pattern: Malicious Logic Insertion into Product Software via Inclusion of 3rd Party Component Dependency - (446)
Deprecated: Malicious Logic Insertion via Counterfeit Hardware - (453)
Deprecated: Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components - (455)
Detailed Attack Pattern: Malicious Manual Software Update - (533)
Standard Attack Pattern: Malicious Software Download - (185)
Standard Attack Pattern: Malicious Software Implanted - (523)
Standard Attack Pattern: Malicious Software Update - (186)
Detailed Attack Pattern: Malware Infection into Product Software - (448)
Deprecated: Malware Propagation via Infected Peripheral Device - (451)
Deprecated: Malware Propagation via USB Stick - (449)
Deprecated: Malware Propagation via USB U3 Autorun - (450)
Standard Attack Pattern: Malware-Directed Internal Reconnaissance - (529)
Standard Attack Pattern: Man in the Middle Attack - (94)
Standard Attack Pattern: Manipulate Application Registry Values - (203)
Deprecated: Manipulate Canonicalization - (266)
Category: Manipulate Data Structures - (255)
Category: Manipulate System Resources - (262)
Deprecated: Manipulate System Users - (527)
Category: Manipulate Timing and State - (172)
Detailed Attack Pattern: Manipulating Hidden Fields - (162)
Standard Attack Pattern: Manipulating Opaque Client-based Data Tokens - (39)
Meta Attack Pattern: Manipulating User State - (74)
Standard Attack Pattern: Manipulating User-Controlled Variables - (77)
Detailed Attack Pattern: Manipulating Web Input to File System Calls - (76)
Standard Attack Pattern: Manipulating Writeable Configuration Files - (75)
Detailed Attack Pattern: Manipulating Writeable Terminal Devices - (40)
Meta Attack Pattern: Manipulation During Distribution - (439)
View: Mechanisms of Attack - (1000)
View: Meta Abstractions - (282)
Detailed Attack Pattern: MIME Conversion - (42)
Detailed Attack Pattern: Mobile Device Fault Injection - (625)
View: Mobile Device Patterns - (553)
Detailed Attack Pattern: Mobile Phishing - (164)
Meta Attack Pattern: Modification During Manufacture - (438)
Deprecated: Modification of Existing Components with Counterfeit Hardware - (454)
Detailed Attack Pattern: Modification of Registry Run Keys - (270)
Detailed Attack Pattern: Modify Existing Service - (551)
Detailed Attack Pattern: Modify Shared File - (562)
Standard Attack Pattern: Navigation Remapping To Propagate Malicious Content - (387)
Standard Attack Pattern: Network Topology Mapping - (309)
Detailed Attack Pattern: Object Relational Mapping Injection - (109)
Meta Attack Pattern: Obstruction - (607)
Standard Attack Pattern: Obtain Data via Utilities - (567)
Detailed Attack Pattern: Open Source Libraries Altered - (538)
Standard Attack Pattern: OS Command Injection - (88)
Standard Attack Pattern: OS Fingerprinting - (311)
Detailed Attack Pattern: Overflow Binary Resource File - (44)
Standard Attack Pattern: Overflow Buffers - (100)
Detailed Attack Pattern: Overflow Variables and Tags - (46)
Standard Attack Pattern: Overread Buffers - (540)
Detailed Attack Pattern: Owner Footprinting - (577)
Detailed Attack Pattern: Padding Oracle Crypto Attack - (463)
Meta Attack Pattern: Parameter Injection - (137)
Detailed Attack Pattern: Passing Local Filenames to Functions That Expect a URL - (48)
Standard Attack Pattern: Passive OS Fingerprinting - (313)
Standard Attack Pattern: Password Brute Forcing - (49)
Standard Attack Pattern: Password Recovery Exploitation - (50)
Standard Attack Pattern: Path Traversal - (126)
Standard Attack Pattern: Patiently Waiting at Incorrect Location - (616)
Standard Attack Pattern: Pharming - (89)
Standard Attack Pattern: Phishing - (98)
Detailed Attack Pattern: PHP Local File Inclusion - (252)
Detailed Attack Pattern: PHP Remote File Inclusion - (193)
Standard Attack Pattern: Physical Destruction of Device or Component - (547)
Category: Physical Security - (514)
Meta Attack Pattern: Physical Theft - (507)
Meta Attack Pattern: Pointer Manipulation - (129)
Detailed Attack Pattern: Poison Web Service Registry - (51)
Standard Attack Pattern: Port Scanning - (300)
Detailed Attack Pattern: Postfix, Null Terminate, and Backslash - (53)
Meta Attack Pattern: Pretexting via Customer Service - (412)
Meta Attack Pattern: Pretexting via Delivery Person - (414)
Meta Attack Pattern: Pretexting via Phone - (415)
Meta Attack Pattern: Pretexting via Tech Support - (413)
Standard Attack Pattern: Principal Spoof - (195)
Meta Attack Pattern: Privilege Abuse - (122)
Meta Attack Pattern: Privilege Escalation - (233)
Detailed Attack Pattern: Probe Application Memory - (546)
Detailed Attack Pattern: Probe iOS Screenshots - (498)
Detailed Attack Pattern: Process Footprinting - (573)
Meta Attack Pattern: Protocol Analysis - (192)
Meta Attack Pattern: Protocol Manipulation - (272)
Detailed Attack Pattern: Provide Counterfeit Component - (530)
Standard Attack Pattern: Pull Data from System Resources - (545)
Standard Attack Pattern: Query System for Information - (54)
Standard Attack Pattern: Rainbow Table Password Cracking - (55)
Detailed Attack Pattern: Read Sensitive Strings Within an Executable - (191)
Deprecated: Reconnaissance - (286)
Standard Attack Pattern: Redirect Access to Libraries - (159)
Standard Attack Pattern: Reflection Attack in Authentication Protocol - (90)
Standard Attack Pattern: Reflection Injection - (138)
Standard Attack Pattern: Regular Expression Exponential Blowup - (492)
Detailed Attack Pattern: Relative Path Traversal - (139)
Standard Attack Pattern: Remote Code Inclusion - (253)
Detailed Attack Pattern: Remote Services with Stolen Credentials - (555)
Detailed Attack Pattern: Removal of filters: Input filters, output filters, data masking - (200)
Standard Attack Pattern: Removing Important Client Functionality - (207)
Deprecated: Removing/short-circuiting 'guard logic' - (56)
Detailed Attack Pattern: Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements - (208)
Detailed Attack Pattern: Replace File Extension Handlers - (556)
Detailed Attack Pattern: Replace Trusted Executable - (558)
Detailed Attack Pattern: Replace Winlogon Helper DLL - (579)
Meta Attack Pattern: Resource Injection - (240)
Meta Attack Pattern: Resource Leak Exposure - (131)
Meta Attack Pattern: Resource Location Spoofing - (154)
Detailed Attack Pattern: Restful Privilege Elevation - (58)
Detailed Attack Pattern: Retrieve Embedded Sensitive Data - (37)
Standard Attack Pattern: Reusing Session IDs (aka Session Replay) - (60)
Detailed Attack PatternDetailed Attack Pattern Reverse Engineer an Executable to Expose Assumed Hidden Functionality or Content - (190)
Meta Attack PatternMeta Attack Pattern Reverse Engineering - (188)
Standard Attack PatternStandard Attack Pattern RFID Chip Deactivation or Destruction - (400)
Standard Attack PatternStandard Attack Pattern Rogue Integration Procedures - (524)
Detailed Attack PatternDetailed Attack Pattern Rooting SIM Cards - (614)
Detailed Attack PatternDetailed Attack Pattern Run Software at Logon - (564)
Standard Attack PatternStandard Attack Pattern SaaS User Request Forgery - (510)
Detailed Attack PatternDetailed Attack Pattern Scanning for Vulnerable Software - (310)
Detailed Attack PatternDetailed Attack Pattern Schedule Software To Run - (557)
Standard Attack PatternStandard Attack Pattern Schema Poisoning - (271)
Detailed Attack PatternDetailed Attack Pattern Scheme Squatting - (505)
Detailed Attack PatternDetailed Attack Pattern Screen Temporary Files for Sensitive Information - (155)
Detailed Attack PatternDetailed Attack Pattern Security Software Footprinting - (581)
Detailed Attack PatternDetailed Attack Pattern Server Side Include (SSI) Injection - (101)
Detailed Attack PatternDetailed Attack Pattern Services Footprinting - (574)
Standard Attack PatternStandard Attack Pattern Session Credential Falsification through Forging - (196)
Detailed Attack PatternDetailed Attack Pattern Session Credential Falsification through Manipulation - (226)
Detailed Attack PatternDetailed Attack Pattern Session Credential Falsification through Prediction - (59)
Standard Attack PatternStandard Attack Pattern Session Fixation - (61)
Standard Attack PatternStandard Attack Pattern Session Sidejacking - (102)
Meta Attack PatternMeta Attack Pattern Shared Data Manipulation - (124)
Detailed Attack PatternDetailed Attack Pattern Signal Strength Tracking - (619)
Standard Attack PatternStandard Attack Pattern Signature Spoof - (473)
Detailed Attack PatternDetailed Attack Pattern Signature Spoofing by Improper Validation - (475)
Detailed Attack PatternDetailed Attack Pattern Signature Spoofing by Key Recreation - (485)
Detailed Attack PatternDetailed Attack Pattern Signature Spoofing by Key Theft - (474)
Detailed Attack PatternDetailed Attack Pattern Signature Spoofing by Misrepresentation - (476)
Detailed Attack PatternDetailed Attack Pattern Signature Spoofing by Mixing Signed and Unsigned Content - (477)
Detailed Attack PatternDetailed Attack Pattern Signature-Based Avoidance - (570)
Standard Attack PatternStandard Attack Pattern Simple Script Injection - (63)
Detailed Attack PatternDetailed Attack Pattern Smudge Attack - (626)
Detailed Attack PatternDetailed Attack Pattern Sniff Application Code - (65)
Standard Attack PatternStandard Attack Pattern Sniffing Attacks - (157)
Detailed Attack PatternDetailed Attack Pattern Sniffing Network Traffic - (158)
Standard Attack PatternStandard Attack Pattern SOAP Array Blowup - (493)
Detailed Attack PatternDetailed Attack Pattern SOAP Array Overflow - (256)
Standard Attack PatternStandard Attack Pattern Soap Manipulation - (279)
Detailed Attack PatternDetailed Attack Pattern SOAP Parameter Tampering - (280)
CategoryCategory Social Engineering - (403)
Meta Attack PatternMeta Attack Pattern Social Information Gathering Attacks - (404)
Meta Attack PatternMeta Attack Pattern Social Information Gathering via Dumpster Diving - (406)
Meta Attack PatternMeta Attack Pattern Social Information Gathering via Pretexting - (407)
Meta Attack PatternMeta Attack Pattern Social Information Gathering via Research - (405)
CategoryCategory Software - (513)
Meta Attack PatternMeta Attack Pattern Software Integrity Attack - (184)
Detailed Attack PatternDetailed Attack Pattern Spear Phishing - (163)
Detailed Attack PatternDetailed Attack Pattern Spoofing of UDDI/ebXML Messages - (218)
Standard Attack PatternStandard Attack Pattern SQL Injection - (66)
Detailed Attack PatternDetailed Attack Pattern SQL Injection through SOAP Parameter Tampering - (110)
Standard Attack PatternStandard Attack Pattern SSL Flood - (489)
ViewView Standard Abstractions - (283)
Detailed Attack PatternDetailed Attack Pattern String Format Overflow in syslog() - (67)
Detailed Attack PatternDetailed Attack Pattern Subversion of authorization checks: cache filtering, programmatic security, etc. - (239)
CategoryCategory Subvert Access Control - (225)
Standard Attack PatternStandard Attack Pattern Subvert Code-signing Facilities - (68)
Detailed Attack PatternDetailed Attack Pattern Subverting Environment Variable Values - (13)
CategoryCategory Supply Chain - (437)
Meta Attack PatternMeta Attack Pattern Sustained Client Engagement - (227)
Detailed Attack PatternDetailed Attack Pattern Symlink Attack - (132)
Standard Attack PatternStandard Attack Pattern Tapjacking - (506)
Meta Attack PatternMeta Attack Pattern Target Influence via Eye Cues - (429)
Meta Attack PatternMeta Attack Pattern Target Influence via Framing - (425)
Meta Attack PatternMeta Attack Pattern Target Influence via Instant Rapport - (435)
Meta Attack PatternMeta Attack Pattern Target Influence via Interview and Interrogation - (434)
Meta Attack PatternMeta Attack Pattern Target Influence via Manipulation of Incentives - (426)
Meta Attack PatternMeta Attack Pattern Target Influence via Micro-Expressions - (430)
Meta Attack PatternMeta Attack Pattern Target Influence via Modes of Thinking - (428)
Meta Attack PatternMeta Attack Pattern Target Influence via Neuro-Linguistic Programming (NLP) - (431)
Meta Attack PatternMeta Attack Pattern Target Influence via Perception of Authority - (421)
Meta Attack PatternMeta Attack Pattern Target Influence via Perception of Commitment and Consistency - (422)
Meta Attack PatternMeta Attack Pattern Target Influence via Perception of Concession - (419)
Meta Attack PatternMeta Attack Pattern Target Influence via Perception of Consensus or Social Proof - (424)
Meta Attack PatternMeta Attack Pattern Target Influence via Perception of Liking - (423)
Meta Attack PatternMeta Attack Pattern Target Influence via Perception of Obligation - (418)
Meta Attack PatternMeta Attack Pattern Target Influence via Perception of Reciprocation - (417)
Meta Attack PatternMeta Attack Pattern Target Influence via Perception of Scarcity - (420)
Meta Attack PatternMeta Attack Pattern Target Influence via Psychological Principles - (427)
Meta Attack PatternMeta Attack Pattern Target Influence via Social Engineering - (416)
Meta Attack PatternMeta Attack Pattern Target Influence via The Human Buffer Overflow - (433)
Meta Attack PatternMeta Attack Pattern Target Influence via Voice in NLP - (432)
Standard Attack PatternStandard Attack Pattern Target Programs with Elevated Privileges - (69)
Standard Attack PatternStandard Attack Pattern Targeted Malware - (542)
Detailed Attack PatternDetailed Attack Pattern Task Impersonation - (504)
Detailed Attack PatternDetailed Attack Pattern TCP 'RST' Flag Checksum Probe - (328)
Detailed Attack PatternDetailed Attack Pattern TCP (ISN) Counter Rate Probe - (323)
Detailed Attack PatternDetailed Attack Pattern TCP (ISN) Greatest Common Divisor Probe - (322)
Detailed Attack PatternDetailed Attack Pattern TCP (ISN) Sequence Predictability Probe - (324)
Detailed Attack PatternDetailed Attack Pattern TCP ACK Ping - (297)
Detailed Attack PatternDetailed Attack Pattern TCP ACK Scan - (305)
Detailed Attack PatternDetailed Attack Pattern TCP Congestion Control Flag (ECN) Probe - (325)
Detailed Attack PatternDetailed Attack Pattern TCP Connect Scan - (301)
Detailed Attack PatternDetailed Attack Pattern TCP FIN scan - (302)
Standard Attack PatternStandard Attack Pattern TCP Flood - (482)
Standard Attack PatternStandard Attack Pattern TCP Fragmentation - (494)
Detailed Attack PatternDetailed Attack Pattern TCP Initial Window Size Probe - (326)
Detailed Attack PatternDetailed Attack Pattern TCP Null Scan - (304)
Detailed Attack PatternDetailed Attack Pattern TCP Options Probe - (327)
Detailed Attack PatternDetailed Attack Pattern TCP RPC Scan - (307)
Detailed Attack PatternDetailed Attack Pattern TCP RST Injection - (596)
Detailed Attack PatternDetailed Attack Pattern TCP Sequence Number Probe - (321)
Detailed Attack PatternDetailed Attack Pattern TCP SYN Ping - (299)
Detailed Attack PatternDetailed Attack Pattern TCP SYN Scan - (287)
Detailed Attack PatternDetailed Attack Pattern TCP Timestamp Probe - (320)
Detailed Attack PatternDetailed Attack Pattern TCP Window Scan - (306)
Detailed Attack PatternDetailed Attack Pattern TCP Xmas Scan - (303)
Standard Attack PatternStandard Attack Pattern TCP/IP Fingerprinting Probes - (315)
Detailed Attack PatternDetailed Attack Pattern Traceroute Route Enumeration - (293)
Meta Attack PatternMeta Attack Pattern Traffic Injection - (594)
Standard Attack PatternStandard Attack Pattern Transaction or Event Tampering via Application API Manipulation - (385)
Detailed Attack PatternDetailed Attack Pattern Transparent Proxy Abuse - (465)
Standard Attack PatternStandard Attack Pattern Try All Common Switches - (133)
Detailed Attack PatternDetailed Attack Pattern Try Common(default) Usernames and Passwords - (70)
Standard Attack PatternStandard Attack Pattern UDP Flood - (486)
Standard Attack PatternStandard Attack Pattern UDP Fragmentation - (495)
Detailed Attack PatternDetailed Attack Pattern UDP Ping - (298)
Detailed Attack PatternDetailed Attack Pattern UDP Scan - (308)
Detailed Attack PatternDetailed Attack Pattern Unauthorized Use of Device Resources - (629)
Detailed Attack PatternDetailed Attack Pattern URL Encoding - (72)
Detailed Attack PatternDetailed Attack Pattern USB Memory Attacks - (457)
Standard Attack PatternStandard Attack Pattern Use of Known Domain Credentials - (560)
Standard Attack PatternStandard Attack Pattern User-Controlled Filename - (73)
Standard Attack PatternStandard Attack Pattern Using a Snap Gun Lock to Force a Lock - (394)
Detailed Attack PatternDetailed Attack Pattern Using Alternative IP Address Encodings - (4)
Detailed Attack PatternDetailed Attack Pattern Using Escaped Slashes in Alternate Encoding - (78)
Detailed Attack PatternDetailed Attack Pattern Using Leading 'Ghost' Character Sequences to Bypass Input Filters - (3)
Detailed Attack PatternDetailed Attack Pattern Using Meta-characters in E-mail Headers to Inject Malicious Payloads - (41)
Detailed Attack PatternDetailed Attack Pattern Using Slashes and URL Encoding Combined to Bypass Validation Logic - (64)
Detailed Attack PatternDetailed Attack Pattern Using Slashes in Alternate Encoding - (79)
Detailed Attack PatternDetailed Attack Pattern Using Unicode Encoding to Bypass Validation Logic - (71)
Standard Attack PatternStandard Attack Pattern Using Unpublished APIs - (36)
Detailed Attack PatternDetailed Attack Pattern Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege - (238)
Detailed Attack PatternDetailed Attack Pattern Using UTF-8 Encoding to Bypass Validation Logic - (80)
Detailed Attack PatternDetailed Attack Pattern Utilizing REST's Trust in the System Resource to Register Man in the Middle - (57)
DeprecatedDeprecated Variable Manipulation - (171)
Standard Attack PatternStandard Attack Pattern Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS)) - (82)
ViewView WASC Threat Classification 2.0 - (333)
CategoryCategory WASC-03 - Integer Overflows - (336)
CategoryCategory WASC-05 - Remote File Inclusion - (338)
CategoryCategory WASC-06 - Format String - (339)
CategoryCategory WASC-07 - Buffer Overflow - (340)
CategoryCategory WASC-08 - Cross-Site Scripting - (341)
CategoryCategory WASC-09 - Cross-Site Request Forgery - (342)
CategoryCategory WASC-10 - Denial of Service - (343)
CategoryCategory WASC-11 - Brute Force - (344)
CategoryCategory WASC-12 - Content Spoofing - (345)
CategoryCategory WASC-18 - Credential/Session Prediction - (351)
CategoryCategory WASC-19 - SQL Injection - (352)
CategoryCategory WASC-23 - XML Injection - (356)
CategoryCategory WASC-24 - HTTP Request Splitting - (357)
CategoryCategory WASC-25 - HTTP Response Splitting - (358)
CategoryCategory WASC-26 - HTTP Request Smuggling - (359)
CategoryCategory WASC-27 - HTTP Response Smuggling - (360)
CategoryCategory WASC-28 - Null Byte Injection - (361)
CategoryCategory WASC-29 - LDAP Injection - (362)
CategoryCategory WASC-30 - Mail Command Injection - (363)
CategoryCategory WASC-31 - OS Commanding - (364)
CategoryCategory WASC-32 - Routing Detour - (365)
CategoryCategory WASC-33 - Path Traversal - (366)
CategoryCategory WASC-34 - Predictable Resource Location - (367)
CategoryCategory WASC-35 - SOAP Array Abuse - (368)
CategoryCategory WASC-36 - SSI Injection - (369)
CategoryCategory WASC-37 - Session Fixation - (370)
CategoryCategory WASC-38 - URL Redirector Abuse - (371)
CategoryCategory WASC-39 - XPath Injection - (372)
CategoryCategory WASC-41 - XML Attribute Blowup - (374)
CategoryCategory WASC-42 - Abuse of Functionality - (375)
CategoryCategory WASC-43 - XML External Entities - (376)
CategoryCategory WASC-44 - XML Entity Expansion - (377)
CategoryCategory WASC-45 - Fingerprinting - (378)
CategoryCategory WASC-46 - XQuery Injection - (379)
Detailed Attack PatternDetailed Attack Pattern Weakening of Cellular Encryption - (606)
Detailed Attack PatternDetailed Attack Pattern Web Application Fingerprinting - (170)
Detailed Attack PatternDetailed Attack Pattern Web Logs Tampering - (81)
Standard Attack PatternStandard Attack Pattern Web Services API Signature Forgery Leveraging Hash Function Extension Weakness - (461)
Meta Attack PatternMeta Attack Pattern Web Services Protocol Manipulation - (278)
Standard Attack PatternStandard Attack Pattern WebView Exposure - (503)
Detailed Attack PatternDetailed Attack Pattern WebView Injection - (500)
Standard Attack PatternStandard Attack Pattern White Box Reverse Engineering - (167)
Detailed Attack PatternDetailed Attack Pattern Wi-Fi Jamming - (604)
Detailed Attack PatternDetailed Attack Pattern WiFi MAC Address Tracking - (612)
Detailed Attack PatternDetailed Attack Pattern WiFi SSID Tracking - (613)
Standard Attack PatternStandard Attack Pattern Windows ::DATA Alternate Data Stream - (168)
Detailed Attack PatternDetailed Attack Pattern Windows Admin Shares with Stolen Credentials - (561)
Detailed Attack PatternDetailed Attack Pattern WSDL Scanning - (95)
Detailed Attack PatternDetailed Attack Pattern XML Attribute Blowup - (229)
Standard Attack PatternStandard Attack Pattern XML Client-Side Attack - (484)
Detailed Attack PatternDetailed Attack Pattern XML Entity Blowup - (201)
Detailed Attack PatternDetailed Attack Pattern XML Entity Expansion - (197)
Standard Attack PatternStandard Attack Pattern XML External Entities - (221)
Standard Attack PatternStandard Attack Pattern XML Flood - (528)
Standard Attack PatternStandard Attack Pattern XML Injection - (250)
Standard Attack PatternStandard Attack Pattern XML Nested Payloads - (230)
Standard Attack PatternStandard Attack Pattern XML Oversized Payloads - (231)
Standard Attack PatternStandard Attack Pattern XML Parser Attack - (99)
Detailed Attack PatternDetailed Attack Pattern XML Ping of the Death - (147)
Detailed Attack PatternDetailed Attack Pattern XML Quadratic Expansion - (491)
Standard Attack PatternStandard Attack Pattern XML Routing Detour Attacks - (219)
Detailed Attack PatternDetailed Attack Pattern XML Schema Poisoning - (146)
Detailed Attack PatternDetailed Attack Pattern XPath Injection - (83)
Detailed Attack PatternDetailed Attack Pattern XQuery Injection - (84)
Detailed Attack PatternDetailed Attack Pattern XSS in IMG Tags - (91)
+ Content History
Submissions
Submitter | Organization | Date | Source
CAPEC Content Team | The MITRE Corporation | 2014-06-23 | Internal_CAPEC_Team

Filter Used: true()

 | CAPECs in this view | Total CAPECs
Total | 609 | out of 609
Views | 9 | out of 9
Categories | 72 | out of 72
Attack Patterns | 528 | out of 528

Page Last Updated or Reviewed: December 07, 2015