[+] SQL Injection Attack
[+] Hibernate Query Language Injection
[+] Direct OS Code Injection
[+] XML Entity Injection
[+] Broken Authentication and Session Management
[+] Cross-Site Scripting (XSS)
[+] Insecure Direct Object References
[+] Security Misconfiguration
[+] Sensitive Data Exposure
[+] Missing Function Level Access Control
[+] Cross-Site Request Forgery (CSRF)
[+] Using Components with Known Vulnerabilities
[+] Unvalidated Redirects and Forwards
[+] Cross Site Scripting Attacks
[+] Click Jacking Attacks
[+] DNS Cache Poisoning
[+] Symlinking – An Insider Attack
[+] Cross Site Request Forgery Attacks
[+] Remote Code Execution Attacks
[+] Remote File inclusion
[+] Local file inclusion
[+] EverCookie
[+] Denial of Service Attack
[+] Cookie Eviction
[+] PHPwn
[+] NAT Pinning
[+] XSHM
[+] MitM DNS Rebinding SSL/TLS Wildcards and XSS
[+] Quick Proxy Detection
[+] Improving HTTPS Side Channel Attacks
[+] Side Channel Attacks in SSL
[+] Turning XSS into Clickjacking
[+] Bypassing CSRF protections with Click Jacking and
[+] HTTP Parameter Pollution
[+] URL Hijacking
[+] Stroke Jacking
[+] Fooling B64_Encode(Payload) on WAFs And Filters
[+] MySQL Stacked Queries with SQL Injection
[+] Posting Raw XML cross-domain
[+] Generic Cross-Browser Cross-Domain theft
[+] Attacking HTTPS with Cache Injection
[+] Tap Jacking
[+] XSS - Track
[+] Next Generation Click Jacking
[+] XSSing Client-Side Dynamic HTML
[+] Stroke triggered XSS and Stroke Jacking
[+] Lost in Translation
[+] Persistent Cross Interface Attacks
[+] Chronofeit Phishing
[+] SQLi Filter Evasion Cheat Sheet (MySQL)
[+] Tabnabbing
[+] UI Redressing
[+] Cookie Poisoning
[+] SSRF
[+] Bruteforce of PHPSESSID
[+] Blended Threats and JavaScript
[+] Cross-Site Port Attacks
[+] CAPTCHA Re-Riding Attack

*Web Application Attacks List:*

Arbitrary file access
Binary planting
Blind SQL Injection
Blind XPath Injection
Brute force attack
Buffer overflow attack
Cache Poisoning
Cash Overflow
Clickjacking
Command injection attacks
Comment Injection Attack
Content Security Policy
Content Spoofing
Credential stuffing
Cross Frame Scripting
Cross Site History Manipulation (XSHM)
Cross Site Tracing
Cross-Site Request Forgery (CSRF)
Cross Site Port Attack (XSPA)
Cross-Site Scripting (XSS)
Cross-User Defacement
Custom Special Character Injection
Denial of Service
Direct Dynamic Code Evaluation (‘Eval Injection’)
Execution After Redirect (EAR)
Exploitation of CORS
Forced browsing
Form action hijacking
Format string attack
Full Path Disclosure
Function Injection
Host Header injection
HTTP Response Splitting
HTTP verb tampering
HTML injection
LDAP injection
Log Injection
Man-in-the-browser attack
Man-in-the-middle attack
Mobile code: invoking untrusted mobile code
Mobile code: non-final public field
Mobile code: object hijack
One-Click Attack
Parameter Delimiter
Page takeover
Path Traversal
Reflected DOM Injection
Regular expression Denial of Service – ReDoS
Repudiation Attack
Resource Injection
Server-Side Includes (SSI) Injection
Session fixation
Session hijacking attack
Session Prediction
Setting Manipulation
Special Element Injection
SMTP injection
SQL Injection
SSI injection
Traffic flood
Web Parameter Tampering
XPATH Injection
XSRF or SSRF