Standard Attack Pattern Accessing Functionality Not Properly Constrained by ACLs - (1) |
Standard Attack Pattern Accessing, Modifying or Executing Executable Files - (17) |
Standard Attack Pattern Active OS Fingerprinting - (312) |
Standard Attack Pattern Amplification - (490) |
Standard Attack Pattern Application API Button Hijacking - (388) |
Standard Attack Pattern Application API Navigation Remapping - (386) |
Standard Attack Pattern Application Fingerprinting - (541) |
Standard Attack Pattern Application Footprinting - (580) |
Standard Attack Pattern Argument Injection - (6) |
Standard Attack Pattern Audit Log Manipulation - (268) |
Standard Attack Pattern Black Box Reverse Engineering - (189) |
Standard Attack Pattern Block Logging to Central Repository - (571) |
Standard Attack Pattern Blockage - (603) |
Standard Attack Pattern Bypassing Card or Badge-Based Systems - (396) |
Standard Attack Pattern Bypassing Electronic Locks and Access Controls - (395) |
Standard Attack Pattern Bypassing of Intermediate Forms in Multiple-Form Sets - (140) |
Standard Attack Pattern Cache Poisoning - (141) |
Standard Attack Pattern Calling Micro-Services Directly - (179) |
Standard Attack Pattern Calling Signed Code From Another Language Within A Sandbox Allow This - (237) |
Standard Attack Pattern Cause Web Server Misclassification - (11) |
Standard Attack Pattern Choosing Message Identifier - (12) |
Standard Attack Pattern Clickjacking - (103) |
Standard Attack Pattern Client-Server Protocol Manipulation - (220) |
Standard Attack Pattern Cloning Magnetic Strip Cards - (397) |
Standard Attack Pattern Cloning RFID Cards or Chips - (399) |
Standard Attack Pattern Collect Data as Provided by Users - (569) |
Standard Attack Pattern Collect Data from Common Resource Locations - (150) |
Standard Attack Pattern Command Delimiters - (15) |
Standard Attack Pattern Connection Reset - (595) |
Standard Attack Pattern Content Spoofing Via Application API Manipulation - (389) |
Standard Attack Pattern Counterfeit GPS Signals - (627) |
Standard Attack Pattern Create files with the same name as files protected with a higher classification - (177) |
Standard Attack Pattern Create Malicious Client - (202) |
Standard Attack Pattern Cross Frame Scripting (XFS) - (587) |
Standard Attack Pattern Cross Site Request Forgery - (62) |
Standard Attack Pattern Cross Zone Scripting - (104) |
Standard Attack Pattern Cross-Site Scripting (XSS) - (63) |
Standard Attack Pattern Cryptanalysis - (97) |
Standard Attack Pattern Data Interchange Protocol Manipulation - (277) |
Deprecated DEPRECATED: Directory Traversal - (213) |
Deprecated DEPRECATED: ICMP Fingerprinting Probes - (316) |
Deprecated DEPRECATED: IP Fingerprinting Probes - (314) |
Deprecated DEPRECATED: Malicious Logic Insertion via Counterfeit Hardware - (453) |
Deprecated DEPRECATED: Malware Propagation via USB U3 Autorun - (450) |
Deprecated DEPRECATED: OS Fingerprinting - (311) |
Deprecated DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching - (259) |
Deprecated DEPRECATED: Removing/short-circuiting 'guard logic' - (56) |
Deprecated DEPRECATED: TCP/IP Fingerprinting Probes - (315) |
Standard Attack Pattern Design Alteration - (447) |
Standard Attack Pattern Development Alteration - (444) |
Standard Attack Pattern Disable Security Software - (578) |
Standard Attack Pattern DNS Rebinding - (275) |
Standard Attack Pattern Drop Encryption Level - (620) |
Standard Attack Pattern Dumpster Diving - (406) |
Standard Attack Pattern Email Injection - (134) |
Standard Attack Pattern Embedding Scripts within Scripts - (19) |
Standard Attack Pattern Encryption Brute Forcing - (20) |
Standard Attack Pattern Establish Rogue Location - (616) |
Standard Attack Pattern Evercookie - (464) |
Standard Attack Pattern Exploit Script-Based APIs - (160) |
Standard Attack Pattern Exploit Test APIs - (121) |
Standard Attack Pattern Exploiting Incorrectly Configured Access Control Security Levels - (180) |
Standard Attack Pattern Exploiting Incorrectly Configured SSL - (217) |
Standard Attack Pattern Fake the Source of Data - (194) |
Standard Attack Pattern File Content Injection - (23) |
Standard Attack Pattern Flash Injection - (182) |
Standard Attack Pattern Force Use of Corrupted Files - (263) |
Standard Attack Pattern Forceful Browsing - (87) |
Standard Attack Pattern Format String Injection - (135) |
Standard Attack Pattern Generic Cross-Browser Cross-Domain Theft - (468) |
Standard Attack Pattern Hacking Hardware - (401) |
Standard Attack Pattern Hijacking a privileged process - (234) |
Standard Attack Pattern Hijacking a Privileged Thread of Execution - (30) |
Standard Attack Pattern Host Discovery - (292) |
Standard Attack Pattern HTTP DoS - (469) |
Standard Attack Pattern HTTP Flood - (488) |
Standard Attack Pattern HTTP Request Splitting - (105) |
Standard Attack Pattern ICMP Flood - (487) |
Standard Attack Pattern ICMP Fragmentation - (496) |
Standard Attack Pattern IMAP/SMTP Command Injection - (183) |
Standard Attack Pattern Inducing Account Lockout - (2) |
Standard Attack Pattern Influence Perception - (417) |
Standard Attack Pattern Influence via Incentives - (426) |
Standard Attack Pattern Influence via Psychological Principles - (427) |
Standard Attack Pattern Integer Attacks - (128) |
Standard Attack Pattern Intent Intercept - (499) |
Standard Attack Pattern Intent Spoof - (502) |
Standard Attack Pattern Inter-component Protocol Manipulation - (276) |
Standard Attack Pattern Jamming - (601) |
Standard Attack Pattern LDAP Injection - (136) |
Standard Attack Pattern Leverage Alternate Encoding - (267) |
Standard Attack Pattern Leverage Executable Code in Non-Executable Files - (35) |
Standard Attack Pattern Lifting signing key and signing malicious code from a production environment - (206) |
Standard Attack Pattern Linux Terminal Injection - (249) |
Standard Attack Pattern Local Code Inclusion - (251) |
Standard Attack Pattern Lock Picking - (393) |
Standard Attack Pattern Magnetic Strip Card Brute Force Attacks - (398) |
Standard Attack Pattern Malicious Hardware Component Replacement - (522) |
Standard Attack Pattern Malicious Hardware Update - (534) |
Standard Attack Pattern Malicious Logic Inserted Into To Product Software - (442) |
Standard Attack Pattern Malicious Logic Insertion into Product Hardware - (452) |
Standard Attack Pattern Malicious Logic Insertion into Product Memory - (456) |
Standard Attack Pattern Malicious Software Download - (185) |
Standard Attack Pattern Malicious Software Implanted - (523) |
Standard Attack Pattern Malicious Software Update - (186) |
Standard Attack Pattern Malware-Directed Internal Reconnaissance - (529) |
Standard Attack Pattern Man in the Middle Attack - (94) |
Standard Attack Pattern Manipulate Application Registry Values - (203) |
Standard Attack Pattern Manipulating Opaque Client-based Data Tokens - (39) |
Standard Attack Pattern Manipulating User-Controlled Variables - (77) |
Standard Attack Pattern Manipulating Writeable Configuration Files - (75) |
Standard Attack Pattern Navigation Remapping To Propagate Malicious Content - (387) |
Standard Attack Pattern Network Topology Mapping - (309) |
Standard Attack Pattern Obtain Data via Utilities - (567) |
Standard Attack Pattern OS Command Injection - (88) |
Standard Attack Pattern Overflow Buffers - (100) |
Standard Attack Pattern Overread Buffers - (540) |
Standard Attack Pattern Passive OS Fingerprinting - (313) |
Standard Attack Pattern Password Brute Forcing - (49) |
Standard Attack Pattern Password Recovery Exploitation - (50) |
Standard Attack Pattern Path Traversal - (126) |
Standard Attack Pattern Pharming - (89) |
Standard Attack Pattern Phishing - (98) |
Standard Attack Pattern Physical Destruction of Device or Component - (547) |
Standard Attack Pattern Port Scanning - (300) |
Standard Attack Pattern Pretexting - (407) |
Standard Attack Pattern Principal Spoof - (195) |
Standard Attack Pattern Pull Data from System Resources - (545) |
Standard Attack Pattern Query System for Information - (54) |
Standard Attack Pattern Rainbow Table Password Cracking - (55) |
Standard Attack Pattern Redirect Access to Libraries - (159) |
Standard Attack Pattern Reflection Attack in Authentication Protocol - (90) |
Standard Attack Pattern Reflection Injection - (138) |
Standard Attack Pattern Regular Expression Exponential Blowup - (492) |
Standard Attack Pattern Remote Code Inclusion - (253) |
Standard Attack Pattern Removing Important Client Functionality - (207) |
Standard Attack Pattern RFID Chip Deactivation or Destruction - (400) |
Standard Attack Pattern Rogue Integration Procedures - (524) |
Standard Attack Pattern Route Disabling - (582) |
Standard Attack Pattern SaaS User Request Forgery - (510) |
Standard Attack Pattern Schema Poisoning - (271) |
Standard Attack Pattern Session Credential Falsification through Forging - (196) |
Standard Attack Pattern Session Hijacking - (593) |
Standard Attack Pattern Signature Spoof - (473) |
Standard Attack Pattern Sniffing Attacks - (157) |
Standard Attack Pattern SOAP Array Blowup - (493) |
Standard Attack Pattern Soap Manipulation - (279) |
Standard Attack Pattern SQL Injection - (66) |
Standard Attack Pattern SSL Flood - (489) |
Standard Attack Pattern Subvert Code-signing Facilities - (68) |
Standard Attack Pattern Tapjacking - (506) |
Standard Attack Pattern Target Influence via Framing - (425) |
Standard Attack Pattern Target Programs with Elevated Privileges - (69) |
Standard Attack Pattern Targeted Malware - (542) |
Standard Attack Pattern TCP Flood - (482) |
Standard Attack Pattern TCP Fragmentation - (494) |
Standard Attack Pattern Transaction or Event Tampering via Application API Manipulation - (385) |
Standard Attack Pattern Try All Common Switches - (133) |
Standard Attack Pattern UDP Flood - (486) |
Standard Attack Pattern UDP Fragmentation - (495) |
Standard Attack Pattern Use of Known Domain Credentials - (560) |
Standard Attack Pattern Using a Snap Gun Lock to Force a Lock - (394) |
Standard Attack Pattern Using Unpublished APIs - (36) |
Standard Attack Pattern Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS)) - (82) |
Standard Attack Pattern Web Services API Signature Forgery Leveraging Hash Function Extension Weakness - (461) |
Standard Attack Pattern WebView Exposure - (503) |
Standard Attack Pattern White Box Reverse Engineering - (167) |
Standard Attack Pattern Windows ::DATA Alternate Data Stream - (168) |
Standard Attack Pattern XML Client-Side Attack - (484) |
Standard Attack Pattern XML External Entities - (221) |
Standard Attack Pattern XML Flood - (528) |
Standard Attack Pattern XML Injection - (250) |
Standard Attack Pattern XML Nested Payloads - (230) |
Standard Attack Pattern XML Oversized Payloads - (231) |
Standard Attack Pattern XML Parser Attack - (99) |
Standard Attack Pattern XML Routing Detour Attacks - (219) |