Detailed Attack Pattern Absolute Path Traversal - (597)

Category Abuse Existing Functionality - (210)

Standard Attack Pattern Accessing Functionality Not Properly Constrained by ACLs - (1)

Standard Attack Pattern Accessing, Modifying or Executing Executable Files - (17)

Detailed Attack Pattern Accessing/Intercepting/Modifying HTTP Cookies - (31)

Detailed Attack Pattern Account Footprinting - (575)

Meta Attack Pattern Action Spoofing - (173)

Standard Attack Pattern Active OS Fingerprinting - (312)

Detailed Attack Pattern Activity Hijack - (501)

Detailed Attack Pattern Add Malicious File to Shared Webroot - (563)

Detailed Attack Pattern AJAX Fingerprinting - (85)

Detailed Attack Pattern Altered Installed BIOS - (532)

Standard Attack Pattern Amplification - (490)

Detailed Attack Pattern Analysis of Packet Timing and Sizes - (621)

Meta Attack Pattern API Manipulation - (113)

Standard Attack Pattern Application API Button Hijacking - (388)

Meta Attack Pattern Application API Message Manipulation via Man-in-the-Middle - (384)

Standard Attack Pattern Application API Navigation Remapping - (386)

Standard Attack Pattern Application Fingerprinting - (541)

Standard Attack Pattern Application Footprinting - (580)

Standard Attack Pattern Argument Injection - (6)

Detailed Attack Pattern Artificially Inflate File Sizes - (572)

Detailed Attack Pattern ASIC With Malicious Functionality - (539)

Standard Attack Pattern Audit Log Manipulation - (268)

Meta Attack Pattern Authentication Abuse - (114)

Meta Attack Pattern Authentication Bypass - (115)

Detailed Attack Pattern BGP Route Disabling - (584)

Detailed Attack Pattern BitSquatting - (611)

Standard Attack Pattern Black Box Reverse Engineering - (189)

Detailed Attack Pattern Blind SQL Injection - (7)

Detailed Attack Pattern Block Access to Libraries - (96)

Standard Attack Pattern Block Logging to Central Repository - (571)

Standard Attack Pattern Blockage - (603)

Detailed Attack Pattern Blue Boxing - (5)

Detailed Attack Pattern Browser Fingerprinting - (472)

Meta Attack Pattern Brute Force - (112)

Meta Attack Pattern Buffer Manipulation - (123)

Detailed Attack Pattern Buffer Overflow in an API Call - (8)

Detailed Attack Pattern Buffer Overflow in Local Command-Line Utilities - (9)

Detailed Attack Pattern Buffer Overflow via Environment Variables - (10)

Detailed Attack Pattern Buffer Overflow via Parameter Expansion - (47)

Detailed Attack Pattern Buffer Overflow via Symbolic Links - (45)

Detailed Attack Pattern Bypassing ATA Password Security - (402)

Standard Attack Pattern Bypassing Card or Badge-Based Systems - (396)

Standard Attack Pattern Bypassing Electronic Locks and Access Controls - (395)

Standard Attack Pattern Bypassing of Intermediate Forms in Multiple-Form Sets - (140)

Meta Attack Pattern Bypassing Physical Locks - (391)

Meta Attack Pattern Bypassing Physical Security - (390)

Standard Attack Pattern Cache Poisoning - (141)

Standard Attack Pattern Calling Micro-Services Directly - (179)

Standard Attack Pattern Calling Signed Code From Another Language Within A Sandbox Allow This - (237)

Detailed Attack Pattern Capture Credentials via Keylogger - (568)

Detailed Attack Pattern Carry-Off GPS Attack - (628)

Detailed Attack Pattern Catching exception throw/signal from privileged block - (236)

Standard Attack Pattern Cause Web Server Misclassification - (11)

Detailed Attack Pattern Cellular Broadcast Message Request - (618)

Detailed Attack Pattern Cellular Data Injection - (610)

Detailed Attack Pattern Cellular Jamming - (605)

Detailed Attack Pattern Cellular Rogue Base Station - (617)

Detailed Attack Pattern Cellular Traffic Intercept - (609)

Detailed Attack Pattern Checksum Spoofing - (145)

Standard Attack Pattern Choosing Message Identifier - (12)

Standard Attack Pattern Clickjacking - (103)

Standard Attack Pattern Client-Server Protocol Manipulation - (220)

Detailed Attack Pattern Client-side Injection-induced Buffer Overflow - (14)

Standard Attack Pattern Cloning Magnetic Strip Cards - (397)

Standard Attack Pattern Cloning RFID Cards or Chips - (399)

Meta Attack Pattern Code Inclusion - (175)

Meta Attack Pattern Code Injection - (242)

Category Collect and Analyze Information - (118)

Standard Attack Pattern Collect Data as Provided by Users - (569)

Standard Attack Pattern Collect Data from Common Resource Locations - (150)

Standard Attack Pattern Command Delimiters - (15)

Meta Attack Pattern Command Injection - (248)

Detailed Attack Pattern Command Line Execution through SQL Injection - (108)

Meta Attack Pattern Communication Channel Manipulation - (216)

Category Communications - (512)

View Comprehensive CAPEC Dictionary - (2000)

Detailed Attack Pattern Compromising Emanations Attack - (623)

Meta Attack Pattern Configuration/Environment Manipulation - (176)

Standard Attack Pattern Connection Reset - (595)

Meta Attack Pattern Contaminate Resource - (548)

Meta Attack Pattern Content Spoofing - (148)

Standard Attack Pattern Content Spoofing Via Application API Manipulation - (389)

Standard Attack Pattern Counterfeit GPS Signals - (627)

Detailed Attack Pattern Counterfeit Hardware Component Inserted During Product Assembly - (520)

Detailed Attack Pattern Counterfeit Organizations - (544)

Detailed Attack Pattern Counterfeit Websites - (543)

Standard Attack Pattern Create files with the same name as files protected with a higher classification - (177)

Standard Attack Pattern Create Malicious Client - (202)

Detailed Attack Pattern Creating a Rogue Certification Authority Certificate - (459)

Standard Attack Pattern Cross Frame Scripting (XFS) - (587)

Detailed Attack Pattern Cross Site Identification - (467)

Standard Attack Pattern Cross Site Request Forgery - (62)

Detailed Attack Pattern Cross Site Tracing - (107)

Standard Attack Pattern Cross Zone Scripting - (104)

Detailed Attack Pattern Cross-Domain Search Timing - (462)

Detailed Attack Pattern Cross-Site Flashing - (178)

Standard Attack Pattern Cross-Site Scripting (XSS) - (63)

Standard Attack Pattern Cryptanalysis - (97)

Detailed Attack Pattern Cryptanalysis of Cellular Encryption - (608)

Detailed Attack Pattern Data Injected During Configuration - (536)

Standard Attack Pattern Data Interchange Protocol Manipulation - (277)

View Deprecated Entries - (483)

Deprecated DEPRECATED: Abuse of Transaction Data Structure - (257)

Deprecated DEPRECATED: Alter System Components - (526)

Deprecated DEPRECATED: Analyze Target - (281)

Deprecated DEPRECATED: Code Injection - (241)

Deprecated DEPRECATED: Degradation - (602)

Deprecated DEPRECATED: Deplete Resources - (119)

Deprecated DEPRECATED: Directory Traversal - (213)

Deprecated DEPRECATED: DTD Injection in a SOAP Message - (254)

Deprecated DEPRECATED: Environment Variable Manipulation - (264)

Deprecated DEPRECATED: Execute Code - (525)

Deprecated DEPRECATED: Exploitation of Authorization - (232)

Deprecated DEPRECATED: Gain Physical Access - (436)

Deprecated DEPRECATED: Global variable manipulation - (265)

Deprecated DEPRECATED: ICMP Echo Request Ping - (288)

Deprecated DEPRECATED: ICMP Fingerprinting Probes - (316)

Deprecated DEPRECATED: Information Gathering from Non-Traditional Sources - (409)

Deprecated DEPRECATED: Information Gathering from Traditional Sources - (408)

Deprecated DEPRECATED: Infrastructure-based footprinting - (289)

Deprecated DEPRECATED: IP Fingerprinting Probes - (314)

Deprecated DEPRECATED: Leveraging web tools (e.g. Mozilla's GreaseMonkey, Firebug) to change application behavior - (211)

Deprecated DEPRECATED: Lifting credential(s)/key material embedded in client distributions (thick or thin) - (205)

Deprecated DEPRECATED: Malicious Logic Insertion via Counterfeit Hardware - (453)

Deprecated DEPRECATED: Malicious Logic Insertion via Inclusion of Counterfeit Hardware Components - (455)

Deprecated DEPRECATED: Malware Propagation via Infected Peripheral Device - (451)

Deprecated DEPRECATED: Malware Propagation via USB Stick - (449)

Deprecated DEPRECATED: Malware Propagation via USB U3 Autorun - (450)

Deprecated DEPRECATED: Manipulate Canonicalization - (266)

Deprecated DEPRECATED: Manipulate System Users - (527)

Deprecated DEPRECATED: Modification of Existing Components with Counterfeit Hardware - (454)

Deprecated DEPRECATED: OS Fingerprinting - (311)

Deprecated DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Dynamic Update - (258)

Deprecated DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Initial Distribution - (260)

Deprecated DEPRECATED: Passively Sniffing and Capturing Application Code Bound for an Authorized Client During Patching - (259)

Deprecated DEPRECATED: Pretexting - (411)

Deprecated DEPRECATED: Reconnaissance - (286)

Deprecated DEPRECATED: Registry Manipulation - (269)

Deprecated DEPRECATED: Removing/short-circuiting 'guard logic' - (56)

Deprecated DEPRECATED: Social Information Gathering Attacks - (404)

Deprecated DEPRECATED: Social Information Gathering via Research - (405)

Deprecated DEPRECATED: Target Influence via Perception of Concession - (419)

Deprecated DEPRECATED: TCP/IP Fingerprinting Probes - (315)

Deprecated DEPRECATED: Variable Manipulation - (171)

Deprecated DEPRECATED: WASC Threat Classification 2.0 - WASC-01 - Insufficient Authentication - (334)

Deprecated DEPRECATED: WASC Threat Classification 2.0 - WASC-02 - Insufficient Authorization - (335)

Deprecated DEPRECATED: WASC Threat Classification 2.0 - WASC-04 - Insufficient Transport Layer Protection - (337)

Deprecated DEPRECATED: WASC Threat Classification 2.0 - WASC-13 - Information Leakage - (346)

Deprecated DEPRECATED: WASC Threat Classification 2.0 - WASC-14 - Server Misconfiguration - (347)

Deprecated DEPRECATED: WASC Threat Classification 2.0 - WASC-15 - Application Misconfiguration - (348)

Deprecated DEPRECATED: WASC Threat Classification 2.0 - WASC-16 - Directory Indexing - (349)

Deprecated DEPRECATED: WASC Threat Classification 2.0 - WASC-17 - Improper Filesystem Permissions - (350)

Deprecated DEPRECATED: WASC Threat Classification 2.0 - WASC-20 - Improper Input Handling - (353)

Deprecated DEPRECATED: WASC Threat Classification 2.0 - WASC-21 - Insufficient Anti-automation - (354)

Deprecated DEPRECATED: WASC Threat Classification 2.0 - WASC-22 - Improper Output Handling - (355)

Deprecated DEPRECATED: WASC Threat Classification 2.0 - WASC-40 - Insufficient Process Validation - (373)

Deprecated DEPRECATED: WASC Threat Classification 2.0 - WASC-47 - Insufficient Session Expiration - (380)

Deprecated DEPRECATED: WASC Threat Classification 2.0 - WASC-48 - Insecure Indexing - (381)

Deprecated DEPRECATED: WASC Threat Classification 2.0 - WASC-49 - Insufficient Password Recovery - (382)

Deprecated DEPRECATED: XSS in IMG Tags - (91)

Deprecated DEPRECATED: XSS through Log Files - (106)

Deprecated DEPRECATED: XSS Using Flash - (246)

Standard Attack Pattern Design Alteration - (447)

View Detailed Abstractions - (284)

Detailed Attack Pattern Detect Unpublicized Web Pages - (143)

Detailed Attack Pattern Detect Unpublicized Web Services - (144)

Standard Attack Pattern Development Alteration - (444)

Detailed Attack Pattern Dictionary-based Password Attack - (16)

Detailed Attack Pattern Directory Indexing - (127)

Standard Attack Pattern Disable Security Software - (578)

Detailed Attack Pattern Disabling Network Hardware - (583)

Detailed Attack Pattern DLL Search Order Hijacking - (471)

Detailed Attack Pattern DNS Blocking - (589)

Detailed Attack Pattern DNS Cache Poisoning - (142)

Detailed Attack Pattern DNS Domain Seizure - (585)

Standard Attack Pattern DNS Rebinding - (275)

Detailed Attack Pattern DNS Spoofing - (598)

Detailed Attack Pattern DNS Zone Transfers - (291)

Detailed Attack Pattern Documentation Alteration to Cause Errors in System Design - (519)

Detailed Attack Pattern Documentation Alteration to Circumvent Dial-down - (517)

Detailed Attack Pattern Documentation Alteration to Produce Under-performing Systems - (518)

Detailed Attack Pattern DOM-Based XSS - (588)

View Domains of Attack - (3000)

Detailed Attack Pattern Double Encoding - (120)

Standard Attack Pattern Drop Encryption Level - (620)

Detailed Attack Pattern DTD Injection - (228)

Detailed Attack Pattern Dump Password Hashes - (566)

Standard Attack Pattern Dumpster Diving - (406)

Detailed Attack Pattern Electromagnetic Side-Channel Attack - (622)

Standard Attack Pattern Email Injection - (134)

Detailed Attack Pattern Embedding NULL Bytes - (52)

Standard Attack Pattern Embedding Scripts within Scripts - (19)

Category Employ Probabilistic Techniques - (223)

Standard Attack Pattern Encryption Brute Forcing - (20)

Category Engage in Deceptive Interactions - (156)

Detailed Attack Pattern Enumerate Mail Exchange (MX) Records - (290)

Standard Attack Pattern Establish Rogue Location - (616)

Standard Attack Pattern Evercookie - (464)

Detailed Attack Pattern Evil Twin Wi-Fi Attack - (615)

Meta Attack Pattern Excavation - (116)

Meta Attack Pattern Excessive Allocation - (130)

Detailed Attack Pattern Expanding Control over the Operating System from the Database - (470)

Standard Attack Pattern Exploit Script-Based APIs - (160)

Standard Attack Pattern Exploit Test APIs - (121)

Meta Attack Pattern Exploitation of Trusted Credentials - (21)

Standard Attack Pattern Exploiting Incorrectly Configured Access Control Security Levels - (180)

Standard Attack Pattern Exploiting Incorrectly Configured SSL - (217)

Detailed Attack Pattern Exploiting Multiple Input Interpretation Layers - (43)

Meta Attack Pattern Exploiting Trust in Client - (22)

Detailed Attack Pattern Explore for Predictable Temporary File Names - (149)

Standard Attack Pattern Fake the Source of Data - (194)

Meta Attack Pattern Fault Injection - (624)

Standard Attack Pattern File Content Injection - (23)

Meta Attack Pattern File Manipulation - (165)

Detailed Attack Pattern Filter Failure through Buffer Overflow - (24)

Meta Attack Pattern Fingerprinting - (224)

Detailed Attack Pattern Flash File Overlay - (181)

Standard Attack Pattern Flash Injection - (182)

Detailed Attack Pattern Flash Memory Attacks - (458)

Detailed Attack Pattern Flash Parameter Injection - (174)

Meta Attack Pattern Flooding - (125)

Meta Attack Pattern Footprinting - (169)

Detailed Attack Pattern Force the System to Reset Values - (166)

Standard Attack Pattern Force Use of Corrupted Files - (263)

Meta Attack Pattern Forced Deadlock - (25)

Detailed Attack Pattern Forced Integer Overflow - (92)

Standard Attack Pattern Forceful Browsing - (87)

Standard Attack Pattern Format String Injection - (135)

Meta Attack Pattern Functionality Bypass - (554)

Meta Attack Pattern Functionality Misuse - (212)

Meta Attack Pattern Fuzzing - (28)

Detailed Attack Pattern Fuzzing and observing application log data/errors for application mapping - (215)

Detailed Attack Pattern Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping - (214)

Detailed Attack Pattern Fuzzing for garnering other adjacent user/sensitive data - (261)

Standard Attack Pattern Generic Cross-Browser Cross-Domain Theft - (468)

Detailed Attack Pattern Group Permission Footprinting - (576)

Standard Attack Pattern Hacking Hardware - (401)

Category Hardware - (515)

Detailed Attack Pattern Hardware Component Substitution - (531)

Detailed Attack Pattern Hardware Component Substitution During Baselining - (516)

Detailed Attack Pattern Hardware Design Specifications Are Altered - (521)

Meta Attack Pattern Hardware Integrity Attack - (440)

Detailed Attack Pattern Harvesting Usernames or UserIDs via Application API Event Monitoring - (383)

Standard Attack Pattern Hijacking a privileged process - (234)

Standard Attack Pattern Hijacking a Privileged Thread of Execution - (30)

Detailed Attack Pattern Homograph Attack via Homoglyphs - (632)

Standard Attack Pattern Host Discovery - (292)

Standard Attack Pattern HTTP DoS - (469)

Standard Attack Pattern HTTP Flood - (488)

Detailed Attack Pattern HTTP Parameter Pollution (HPP) - (460)

Detailed Attack Pattern HTTP Request Smuggling - (33)

Standard Attack Pattern HTTP Request Splitting - (105)

Detailed Attack Pattern HTTP Response Smuggling - (273)

Detailed Attack Pattern HTTP Response Splitting - (34)

Detailed Attack Pattern HTTP Verb Tampering - (274)

Detailed Attack Pattern ICMP Address Mask Request - (294)

Detailed Attack Pattern ICMP Echo Request Ping - (285)

Detailed Attack Pattern ICMP Error Message Echoing Integrity Probe - (330)

Detailed Attack Pattern ICMP Error Message Quoting Probe - (329)

Standard Attack Pattern ICMP Flood - (487)

Standard Attack Pattern ICMP Fragmentation - (496)

Detailed Attack Pattern ICMP Information Request - (296)

Detailed Attack Pattern ICMP IP 'ID' Field Error Message Probe - (332)

Detailed Attack Pattern ICMP IP Total Length Field Probe - (331)

Detailed Attack Pattern ICMP Timestamp Request - (295)

Meta Attack Pattern Identity Spoofing - (151)

Detailed Attack Pattern iFrame Overlay - (222)

Standard Attack Pattern IMAP/SMTP Command Injection - (183)

Detailed Attack Pattern Implementing a callback to system routine (old AWT Queue) - (235)

Standard Attack Pattern Inducing Account Lockout - (2)

Detailed Attack Pattern Infiltration of Hardware Development Environment - (537)

Detailed Attack Pattern Infiltration of Software Development Environment - (511)

Standard Attack Pattern Influence Perception - (417)

Detailed Attack Pattern Influence Perception of Authority - (421)

Detailed Attack Pattern Influence Perception of Commitment and Consistency - (422)

Detailed Attack Pattern Influence Perception of Consensus or Social Proof - (424)

Detailed Attack Pattern Influence Perception of Liking - (423)

Detailed Attack Pattern Influence Perception of Reciprocation - (418)

Detailed Attack Pattern Influence Perception of Scarcity - (420)

Standard Attack Pattern Influence via Incentives - (426)

Detailed Attack Pattern Influence via Modes of Thinking - (428)

Standard Attack Pattern Influence via Psychological Principles - (427)

Meta Attack Pattern Information Elicitation - (410)

Meta Attack Pattern Infrastructure Manipulation - (161)

Category Inject Unexpected Items - (152)

Meta Attack Pattern Input Data Manipulation - (153)

Detailed Attack Pattern Install New Service - (550)

Detailed Attack Pattern Install Rootkit - (552)

Standard Attack Pattern Integer Attacks - (128)

Standard Attack Pattern Intent Intercept - (499)

Standard Attack Pattern Intent Spoof - (502)

Standard Attack Pattern Inter-component Protocol Manipulation - (276)

Meta Attack Pattern Interception - (117)

Detailed Attack Pattern IP 'ID' Echoed Byte-Order Probe - (318)

Detailed Attack Pattern IP (DF) 'Don't Fragment Bit' Echoing Probe - (319)

Detailed Attack Pattern IP Address Blocking - (590)

Detailed Attack Pattern IP ID Sequencing Probe - (317)

Standard Attack Pattern Jamming - (601)

Detailed Attack Pattern JSON Hijacking (aka JavaScript Hijacking) - (111)

Standard Attack Pattern LDAP Injection - (136)

Standard Attack Pattern Leverage Alternate Encoding - (267)

Standard Attack Pattern Leverage Executable Code in Non-Executable Files - (35)

Meta Attack Pattern Leveraging Active Man in the Middle Attacks to Bypass Same Origin Policy - (466)

Meta Attack Pattern Leveraging Race Conditions - (26)

Detailed Attack Pattern Leveraging Race Conditions via Symbolic Links - (27)

Detailed Attack Pattern Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions - (29)

Detailed Attack Pattern Leveraging/Manipulating Configuration File Search Paths - (38)

Detailed Attack Pattern Lifting Sensitive Data Embedded in Cache - (204)

Standard Attack Pattern Lifting signing key and signing malicious code from a production environment - (206)

Standard Attack Pattern Linux Terminal Injection - (249)

Standard Attack Pattern Local Code Inclusion - (251)

Meta Attack Pattern Local Execution of Code - (549)

Meta Attack Pattern Lock Bumping - (392)

Standard Attack Pattern Lock Picking - (393)

Detailed Attack Pattern Log Injection-Tampering-Forging - (93)

Standard Attack Pattern Magnetic Strip Card Brute Force Attacks - (398)

Detailed Attack Pattern Malicious Automated Software Update - (187)

Detailed Attack Pattern Malicious Gray Market Hardware - (535)

Standard Attack Pattern Malicious Hardware Component Replacement - (522)

Standard Attack Pattern Malicious Hardware Update - (534)

Detailed Attack Pattern Malicious Logic Inserted Into Product Software by Authorized Developer - (443)

Standard Attack Pattern Malicious Logic Inserted Into To Product Software - (442)

Meta Attack Pattern Malicious Logic Insertion - (441)

Standard Attack Pattern Malicious Logic Insertion into Product Hardware - (452)

Standard Attack Pattern Malicious Logic Insertion into Product Memory - (456)

Detailed Attack Pattern Malicious Logic Insertion into Product Software via Configuration Management Manipulation - (445)

Detailed Attack Pattern Malicious Logic Insertion into Product Software via Inclusion of 3rd Party Component Dependency - (446)

Detailed Attack Pattern Malicious Manual Software Update - (533)

Standard Attack Pattern Malicious Software Download - (185)

Standard Attack Pattern Malicious Software Implanted - (523)

Standard Attack Pattern Malicious Software Update - (186)

Detailed Attack Pattern Malware Infection into Product Software - (448)

Standard Attack Pattern Malware-Directed Internal Reconnaissance - (529)

Standard Attack Pattern Man in the Middle Attack - (94)

Standard Attack Pattern Manipulate Application Registry Values - (203)

Category Manipulate Data Structures - (255)

Meta Attack Pattern Manipulate Human Behavior - (416)

Category Manipulate System Resources - (262)

Category Manipulate Timing and State - (172)

Detailed Attack Pattern Manipulating Hidden Fields - (162)

Standard Attack Pattern Manipulating Opaque Client-based Data Tokens - (39)

Meta Attack Pattern Manipulating User State - (74)

Standard Attack Pattern Manipulating User-Controlled Variables - (77)

Detailed Attack Pattern Manipulating Web Input to File System Calls - (76)

Standard Attack Pattern Manipulating Writeable Configuration Files - (75)

Detailed Attack Pattern Manipulating Writeable Terminal Devices - (40)

Meta Attack Pattern Manipulation During Distribution - (439)

View Mechanisms of Attack - (1000)

View Meta Abstractions - (282)

Detailed Attack Pattern MIME Conversion - (42)

Detailed Attack Pattern Mobile Device Fault Injection - (625)

View Mobile Device Patterns - (553)

Detailed Attack Pattern Mobile Phishing - (164)

Meta Attack Pattern Modification During Manufacture - (438)

Detailed Attack Pattern Modification of Registry Run Keys - (270)

Detailed Attack Pattern Modify Existing Service - (551)

Detailed Attack Pattern Modify Shared File - (562)

Standard Attack Pattern Navigation Remapping To Propagate Malicious Content - (387)

Standard Attack Pattern Network Topology Mapping - (309)

Meta Attack Pattern Object Injection - (586)

Detailed Attack Pattern Object Relational Mapping Injection - (109)

Meta Attack Pattern Obstruction - (607)

Standard Attack Pattern Obtain Data via Utilities - (567)

Detailed Attack Pattern Open Source Libraries Altered - (538)

Detailed Attack Pattern Orbital Jamming - (559)

Standard Attack Pattern OS Command Injection - (88)

Detailed Attack Pattern Overflow Binary Resource File - (44)

Standard Attack Pattern Overflow Buffers - (100)

Detailed Attack Pattern Overflow Variables and Tags - (46)

Standard Attack Pattern Overread Buffers - (540)

Detailed Attack Pattern Owner Footprinting - (577)

Detailed Attack Pattern Padding Oracle Crypto Attack - (463)

Meta Attack Pattern Parameter Injection - (137)

Detailed Attack Pattern Passing Local Filenames to Functions That Expect a URL - (48)

Standard Attack Pattern Passive OS Fingerprinting - (313)

Standard Attack Pattern Password Brute Forcing - (49)

Standard Attack Pattern Password Recovery Exploitation - (50)

Standard Attack Pattern Path Traversal - (126)

Standard Attack Pattern Pharming - (89)

Standard Attack Pattern Phishing - (98)

Detailed Attack Pattern PHP Local File Inclusion - (252)

Detailed Attack Pattern PHP Remote File Inclusion - (193)

Standard Attack Pattern Physical Destruction of Device or Component - (547)

Category Physical Security - (514)

Meta Attack Pattern Physical Theft - (507)

Meta Attack Pattern Pointer Manipulation - (129)

Detailed Attack Pattern Poison Web Service Registry - (51)

Standard Attack Pattern Port Scanning - (300)

Detailed Attack Pattern Postfix, Null Terminate, and Backslash - (53)

Standard Attack Pattern Pretexting - (407)

Detailed Attack Pattern Pretexting via Customer Service - (412)

Detailed Attack Pattern Pretexting via Delivery Person - (414)

Detailed Attack Pattern Pretexting via Phone - (415)

Detailed Attack Pattern Pretexting via Tech Support - (413)

Standard Attack Pattern Principal Spoof - (195)

Meta Attack Pattern Privilege Abuse - (122)

Meta Attack Pattern Privilege Escalation - (233)

Detailed Attack Pattern Probe Application Memory - (546)

Detailed Attack Pattern Probe iOS Screenshots - (498)

Detailed Attack Pattern Process Footprinting - (573)

Meta Attack Pattern Protocol Analysis - (192)

Meta Attack Pattern Protocol Manipulation - (272)

Detailed Attack Pattern Provide Counterfeit Component - (530)

Standard Attack Pattern Pull Data from System Resources - (545)

Standard Attack Pattern Query System for Information - (54)

Standard Attack Pattern Rainbow Table Password Cracking - (55)

Detailed Attack Pattern Read Sensitive Strings Within an Executable - (191)

Standard Attack Pattern Redirect Access to Libraries - (159)

Detailed Attack Pattern Reflected XSS - (591)

Standard Attack Pattern Reflection Attack in Authentication Protocol - (90)

Standard Attack Pattern Reflection Injection - (138)

Standard Attack Pattern Regular Expression Exponential Blowup - (492)

Detailed Attack Pattern Relative Path Traversal - (139)

Standard Attack Pattern Remote Code Inclusion - (253)

Detailed Attack Pattern Remote Services with Stolen Credentials - (555)

Detailed Attack Pattern Removal of filters: Input filters, output filters, data masking - (200)

Standard Attack Pattern Removing Important Client Functionality - (207)

Detailed Attack Pattern Removing/short-circuiting 'Purse' logic: removing/mutating 'cash' decrements - (208)

Detailed Attack Pattern Replace File Extension Handlers - (556)

Detailed Attack Pattern Replace Trusted Executable - (558)

Detailed Attack Pattern Replace Winlogon Helper DLL - (579)

Meta Attack Pattern Resource Injection - (240)

Meta Attack Pattern Resource Leak Exposure - (131)

Meta Attack Pattern Resource Location Spoofing - (154)

Detailed Attack Pattern Restful Privilege Elevation - (58)

Detailed Attack Pattern Retrieve Embedded Sensitive Data - (37)

Detailed Attack Pattern Reusing Session IDs (aka Session Replay) - (60)

Detailed Attack Pattern Reverse Engineer an Executable to Expose Assumed Hidden Functionality or Content - (190)

Meta Attack Pattern Reverse Engineering - (188)

Standard Attack Pattern RFID Chip Deactivation or Destruction - (400)

Standard Attack Pattern Rogue Integration Procedures - (524)

Detailed Attack Pattern Rooting SIM Cards - (614)

Standard Attack Pattern Route Disabling - (582)

Detailed Attack Pattern Run Software at Logon - (564)

Standard Attack Pattern SaaS User Request Forgery - (510)

Detailed Attack Pattern Scanning for Vulnerable Software - (310)

Detailed Attack Pattern Schedule Software To Run - (557)

Standard Attack Pattern Schema Poisoning - (271)

Detailed Attack Pattern Scheme Squatting - (505)

Detailed Attack Pattern Screen Temporary Files for Sensitive Information - (155)

Detailed Attack Pattern Security Software Footprinting - (581)

Detailed Attack Pattern Server Side Include (SSI) Injection - (101)

Detailed Attack Pattern Services Footprinting - (574)

Standard Attack Pattern Session Credential Falsification through Forging - (196)

Detailed Attack Pattern Session Credential Falsification through Manipulation - (226)

Detailed Attack Pattern Session Credential Falsification through Prediction - (59)

Detailed Attack Pattern Session Fixation - (61)

Standard Attack Pattern Session Hijacking - (593)

Detailed Attack Pattern Session Sidejacking - (102)

Meta Attack Pattern Shared Data Manipulation - (124)

Detailed Attack Pattern Signal Strength Tracking - (619)

Standard Attack Pattern Signature Spoof - (473)

Detailed Attack Pattern Signature Spoofing by Improper Validation - (475)

Detailed Attack Pattern Signature Spoofing by Key Recreation - (485)

Detailed Attack Pattern Signature Spoofing by Key Theft - (474)

Detailed Attack Pattern Signature Spoofing by Misrepresentation - (476)

Detailed Attack Pattern Signature Spoofing by Mixing Signed and Unsigned Content - (477)

Detailed Attack Pattern Signature-Based Avoidance - (570)

Detailed Attack Pattern Smudge Attack - (626)

Detailed Attack Pattern Sniff Application Code - (65)

Standard Attack Pattern Sniffing Attacks - (157)

Detailed Attack Pattern Sniffing Network Traffic - (158)

Standard Attack Pattern SOAP Array Blowup - (493)

Detailed Attack Pattern SOAP Array Overflow - (256)

Standard Attack Pattern Soap Manipulation - (279)

Detailed Attack Pattern SOAP Parameter Tampering - (280)

Category Social Engineering - (403)

Category Software - (513)

Meta Attack Pattern Software Integrity Attack - (184)

Detailed Attack Pattern SoundSquatting - (631)

Detailed Attack Pattern Spear Phishing - (163)

Detailed Attack Pattern Spoofing of UDDI/ebXML Messages - (218)

Standard Attack Pattern SQL Injection - (66)

Detailed Attack Pattern SQL Injection through SOAP Parameter Tampering - (110)

Standard Attack Pattern SSL Flood - (489)

View Standard Abstractions - (283)

Detailed Attack Pattern Stored XSS - (592)

Detailed Attack Pattern String Format Overflow in syslog() - (67)

Detailed Attack Pattern Subversion of authorization checks: cache filtering, programmatic security, etc. - (239)

Category Subvert Access Control - (225)

Standard Attack Pattern Subvert Code-signing Facilities - (68)

Detailed Attack Pattern Subverting Environment Variable Values - (13)

Category Supply Chain - (437)

Meta Attack Pattern Sustained Client Engagement - (227)

Detailed Attack Pattern Symlink Attack - (132)

Standard Attack Pattern Tapjacking - (506)

Meta Attack Pattern Target Influence via Eye Cues - (429)

Standard Attack Pattern Target Influence via Framing - (425)

Meta Attack Pattern Target Influence via Instant Rapport - (435)

Meta Attack Pattern Target Influence via Interview and Interrogation - (434)

Meta Attack Pattern Target Influence via Micro-Expressions - (430)

Meta Attack Pattern Target Influence via Neuro-Linguistic Programming (NLP) - (431)

Meta Attack Pattern Target Influence via The Human Buffer Overflow - (433)

Meta Attack Pattern Target Influence via Voice in NLP - (432)

Standard Attack Pattern Target Programs with Elevated Privileges - (69)

Standard Attack Pattern Targeted Malware - (542)

Detailed Attack Pattern Task Impersonation - (504)

Detailed Attack Pattern TCP 'RST' Flag Checksum Probe - (328)

Detailed Attack Pattern TCP (ISN) Counter Rate Probe - (323)

Detailed Attack Pattern TCP (ISN) Greatest Common Divisor Probe - (322)

Detailed Attack Pattern TCP (ISN) Sequence Predictability Probe - (324)

Detailed Attack Pattern TCP ACK Ping - (297)

Detailed Attack Pattern TCP ACK Scan - (305)

Detailed Attack Pattern TCP Congestion Control Flag (ECN) Probe - (325)

Detailed Attack Pattern TCP Connect Scan - (301)

Detailed Attack Pattern TCP FIN scan - (302)

Standard Attack Pattern TCP Flood - (482)

Standard Attack Pattern TCP Fragmentation - (494)

Detailed Attack Pattern TCP Initial Window Size Probe - (326)

Detailed Attack Pattern TCP Null Scan - (304)

Detailed Attack Pattern TCP Options Probe - (327)

Detailed Attack Pattern TCP RPC Scan - (307)

Detailed Attack Pattern TCP RST Injection - (596)

Detailed Attack Pattern TCP Sequence Number Probe - (321)

Detailed Attack Pattern TCP SYN Ping - (299)

Detailed Attack Pattern TCP SYN Scan - (287)

Detailed Attack Pattern TCP Timestamp Probe - (320)

Detailed Attack Pattern TCP Window Scan - (306)

Detailed Attack Pattern TCP Xmas Scan - (303)

Detailed Attack Pattern Terrestrial Jamming - (599)

Detailed Attack Pattern Traceroute Route Enumeration - (293)

Meta Attack Pattern Traffic Injection - (594)

Standard Attack Pattern Transaction or Event Tampering via Application API Manipulation - (385)

Detailed Attack Pattern Transparent Proxy Abuse - (465)

Standard Attack Pattern Try All Common Switches - (133)

Detailed Attack Pattern Try Common or Default Usernames and Passwords - (70)

Detailed Attack Pattern TypoSquatting - (630)

Standard Attack Pattern UDP Flood - (486)

Standard Attack Pattern UDP Fragmentation - (495)

Detailed Attack Pattern UDP Ping - (298)

Detailed Attack Pattern UDP Scan - (308)

Detailed Attack Pattern Unauthorized Use of Device Resources - (629)

Detailed Attack Pattern URL Encoding - (72)

Detailed Attack Pattern USB Memory Attacks - (457)

Standard Attack Pattern Use of Known Domain Credentials - (560)

Detailed Attack Pattern User-Controlled Filename - (73)

Standard Attack Pattern Using a Snap Gun Lock to Force a Lock - (394)

Detailed Attack Pattern Using Alternative IP Address Encodings - (4)

Detailed Attack Pattern Using Escaped Slashes in Alternate Encoding - (78)

Detailed Attack Pattern Using Leading 'Ghost' Character Sequences to Bypass Input Filters - (3)

Detailed Attack Pattern Using Meta-characters in E-mail Headers to Inject Malicious Payloads - (41)

Detailed Attack Pattern Using Slashes and URL Encoding Combined to Bypass Validation Logic - (64)

Detailed Attack Pattern Using Slashes in Alternate Encoding - (79)

Detailed Attack Pattern Using Unicode Encoding to Bypass Validation Logic - (71)

Standard Attack Pattern Using Unpublished APIs - (36)

Detailed Attack Pattern Using URL/codebase / G.A.C. (code source) to convince sandbox of privilege - (238)

Detailed Attack Pattern Using UTF-8 Encoding to Bypass Validation Logic - (80)

Detailed Attack Pattern Utilizing REST's Trust in the System Resource to Register Man in the Middle - (57)

Standard Attack Pattern Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS)) - (82)

View WASC Threat Classification 2.0 - (333)

Category WASC-03 - Integer Overflows - (336)

Category WASC-05 - Remote File Inclusion - (338)

Category WASC-06 - Format String - (339)

Category WASC-07 - Buffer Overflow - (340)

Category WASC-08 - Cross-Site Scripting - (341)

Category WASC-09 - Cross-Site Request Forgery - (342)

Category WASC-10 - Denial of Service - (343)

Category WASC-11 - Brute Force - (344)

Category WASC-12 - Content Spoofing - (345)

Category WASC-18 - Credential/Session Prediction - (351)

Category WASC-19 - SQL Injection - (352)

Category WASC-23 - XML Injection - (356)

Category WASC-24 - HTTP Request Splitting - (357)

Category WASC-25 - HTTP Response Splitting - (358)

Category WASC-26 - HTTP Request Smuggling - (359)

Category WASC-27 - HTTP Response Smuggling - (360)

Category WASC-28 - Null Byte Injection - (361)

Category WASC-29 - LDAP Injection - (362)

Category WASC-30 - Mail Command Injection - (363)

Category WASC-31 - OS Commanding - (364)

Category WASC-32 - Routing Detour - (365)

Category WASC-33 - Path Traversal - (366)

Category WASC-34 - Predictable Resource Location - (367)

Category WASC-35 - SOAP Array Abuse - (368)

Category WASC-36 - SSI Injection - (369)

Category WASC-37 - Session Fixation - (370)

Category WASC-38 - URL Redirector Abuse - (371)

Category WASC-39 - XPath Injection - (372)

Category WASC-41 - XML Attribute Blowup - (374)

Category WASC-42 - Abuse of Functionality - (375)

Category WASC-43 - XML External Entities - (376)

Category WASC-44 - XML Entity Expansion - (377)

Category WASC-45 - Fingerprinting - (378)

Category WASC-46 - XQuery Injection - (379)

Detailed Attack Pattern Weakening of Cellular Encryption - (606)

Detailed Attack Pattern Web Application Fingerprinting - (170)

Detailed Attack Pattern Web Logs Tampering - (81)

Standard Attack Pattern Web Services API Signature Forgery Leveraging Hash Function Extension Weakness - (461)

Meta Attack Pattern Web Services Protocol Manipulation - (278)

Standard Attack Pattern WebView Exposure - (503)

Detailed Attack Pattern WebView Injection - (500)

Standard Attack Pattern White Box Reverse Engineering - (167)

Detailed Attack Pattern Wi-Fi Jamming - (604)

Detailed Attack Pattern WiFi MAC Address Tracking - (612)

Detailed Attack Pattern WiFi SSID Tracking - (613)

Standard Attack Pattern Windows ::DATA Alternate Data Stream - (168)

Detailed Attack Pattern Windows Admin Shares with Stolen Credentials - (561)

Detailed Attack Pattern WSDL Scanning - (95)

Detailed Attack Pattern XML Attribute Blowup - (229)

Standard Attack Pattern XML Client-Side Attack - (484)

Detailed Attack Pattern XML Entity Blowup - (201)

Detailed Attack Pattern XML Entity Expansion - (197)

Standard Attack Pattern XML External Entities - (221)

Standard Attack Pattern XML Flood - (528)

Standard Attack Pattern XML Injection - (250)

Standard Attack Pattern XML Nested Payloads - (230)

Standard Attack Pattern XML Oversized Payloads - (231)

Standard Attack Pattern XML Parser Attack - (99)

Detailed Attack Pattern XML Ping of the Death - (147)

Detailed Attack Pattern XML Quadratic Expansion - (491)

Standard Attack Pattern XML Routing Detour Attacks - (219)

Detailed Attack Pattern XML Schema Poisoning - (146)

Detailed Attack Pattern XPath Injection - (83)

Detailed Attack Pattern XQuery Injection - (84)

Detailed Attack Pattern XSS Targeting Error Pages - (198)

Detailed Attack Pattern XSS Targeting Non-Script Elements - (18)

Detailed Attack Pattern XSS Targeting URI Placeholders - (244)

Detailed Attack Pattern XSS Targetting HTML Attributes - (243)

Detailed Attack Pattern XSS Through HTTP Headers - (86)

Detailed Attack Pattern XSS Through HTTP Query Strings - (32)

Detailed Attack Pattern XSS Using Alternate Syntax - (199)

Detailed Attack Pattern XSS Using Doubled Characters - (245)

Detailed Attack Pattern XSS Using Invalid Characters - (247)

Detailed Attack Pattern XSS Using MIME Type Mismatch - (209)