[+] Sql Injection Attack
[+] Hibernate Query Language Injection
[+] Direct OS Code Injection
[+] XML Entity Injection
[+] Broken Authentication and Session
Management
[+] Cross-Site Scripting (XSS)
[+] Insecure Direct Object References
[+] Security Misconfiguration
[+] Sensitive Data Exposure
[+] Missing Function Level Access Control
[+] Cross-Site Request Forgery (CSRF)
[+] Using Components with Known Vulnerabilities
[+] Unvalidated Redirects and Forwards
[+] Cross Site Scripting Attacks
[+] Click Jacking Attacks
[+] DNS Cache Poisoning
[+] Symlinking – An Insider Attack
[+] Cross Site Request Forgery Attacks
[+] Remote Code Execution Attacks
[+] Remote File inclusion
[+] Local file inclusion
[+] EverCookie
[+] Denial oF Service Attack
[+] Cookie Eviction
[+] PHPwn
[+] NAT Pinning
[+] XSHM
[+] MitM DNS Rebinding SSL/TLS Wildcards and
XSS
[+] Quick Proxy Detection
[+] Improving HTTPS Side Channel Attacks
[+] Side Channel Attacks in SSL
[+] Turning XSS into Clickjacking
[+] Bypassing CSRF protections with Click
Jacking and
[+] HTTP Parameter Pollution
[+] URL Hijacking
[+] Stroke Jacking
[+] Fooling B64_Encode(Payload) on WAFs And
Filters
[+] MySQL Stacked Queries with SQL Injection.
[+] Posting Raw XML cross-domain
[+] Generic Cross-Browser Cross-Domain theft
[+] Attacking HTTPS with Cache Injection
[+] Tap Jacking
[+] XSS - Track
[+] Next Generation Click Jacking
[+] XSSing Client-Side Dynamic HTML.
[+] Stroke triggered XSS and Stroke Jacking
[+] Lost iN Translation
[+] Persistent Cross Interface Attacks
[+] Chronofeit Phishing
[+] SQLi Filter Evasion Cheat Sheet (MySQL)
[+] Tabnabbing
[+] UI Redressing
[+] Cookie Poisoning
[+] SSRF
[+] Bruteforce of PHPSESSID
[+] Blended Threats and JavaScript
[+] Cross-Site Port Attacks
[+] CAPTCHA Re-Riding Attack
*Web Application Attacks List :*
Arbitrary file access
Binary planting
Blind SQL Injection
Blind XPath Injection
Brute force attack
Buffer overflow attack
Cache Poisoning
Cash Overflow
Clickjacking
Command injection attacks
Comment Injection Attack
Content Security Policy
Content Spoofing
Credential stuffing
Cross Frame Scripting
Cross Site History Manipulation (XSHM)
Cross Site Tracing
Cross-Site Request Forgery (CSRF)
Cross Site Port Attack (XSPA)
Cross-Site Scripting (XSS)
Cross-User Defacement
Custom Special Character Injection
Denial of Service
Direct Dynamic Code Evaluation (‘Eval Injection’)
Execution After Redirect (EAR)
Exploitation of CORS
Forced browsing
Form action hijacking
Format string attack
Full Path Disclosure
Function Injection
Host Header injection
HTTP Response Splitting
HTTP verb tampering
HTML injection
LDAP injection
Log Injection
Man-in-the-browser attack
Man-in-the-middle attack
Mobile code: invoking untrusted mobile code
Mobile code: non-final public field
Mobile code: object hijack
One-Click Attack
Parameter Delimiter
Page takeover
Path Traversal
Reflected DOM Injection
Regular expression Denial of Service – ReDoS
Repudiation Attack
Resource Injection
Server-Side Includes (SSI) Injection
Session fixation
Session hijacking attack
Session Prediction
Setting Manipulation
Special Element Injection
SMTP injection
SQL Injection
SSI injection
Traffic flood
Web Parameter Tampering
XPATH Injection
XSRF or SSRF
