1. Data Breach
A data breach is a cyberattack in which sensitive, sensitive or protected data is compromised or disclosed. Data breaches can happen to organizations of all sizes. The data stolen might include personally identifiable information (PHI), protected health information (PHI), trade secrets, customer data, or other sensitive data.
If a data breach results in theft of personal information or a breach of government or industry compliance obligations, the offending organization can face fines, lawsuits, reputational damage and operational disruption.
Learn more in our detailed guide to data breaches.
Server-side request forgery (SSRF) is a web security vulnerability that allows an attacker to send a request to an unexpected location in a server-side application.
In a typical SSRF attack, an attacker can convince a server to establish a connection to an internal private service within the organization's infrastructure. It can also force the server to connect to external systems, exposing sensitive data such as credentials.
Learn more in our detailed guide to SSRF
XML External Entity Injection (XXE) is a web security vulnerability that allows an attacker to compromise an application by exploiting the way it handles XML data. In most XXE attacks, attackers can view files on the application server's file system and interact with backends or external systems that the application itself has access to.
In some cases, attackers can exploit XXE vulnerabilities to launch server-side request forgery (SSRF) attacks, compromising underlying servers or other backend infrastructure.
Learn more in our detailed guide to XXE
Cross-site scripting (also known as XSS) is a web security vulnerability that can compromise user interaction with vulnerable applications. It allows attackers to bypass same-origin policies designed to isolate commands originating from different websites.
An XSS vulnerability allows an attacker to impersonate a user of an application, perform any actions for which the user has privileges, and gain access to the user’s data. If the victim's user has administrative access to the application, XSS enables complete compromise of the application and its data.
Learn more in our detailed guide to XSS payloads (coming soon)
5. Code Injection
Code injection is a generic term for an attack in which attackers inject code that is accepted by the application as a benign input, and is interpreted or executed by the application, but in fact contains malicious instructions.
This type of attack exploits improper validation of untrusted data in an application. Common types of code injection include command injection, SQL injection, and PHP injection.
Learn more in our detailed guide to code injection (coming soon)
6. Command Injection
Command injection is an attack designed to execute arbitrary commands on the host operating system through a vulnerable application. Command injection attacks can occur when an application passes insecure user-supplied data, such as forms, cookies, or HTTP headers, to the system shell.
In a command injection attack, attacker-supplied operating system commands are typically executed with the privileges of the vulnerable application. Command injection attacks are caused by insufficient input validation.
7. SQL Injection
SQL injection is a technique used by attackers to gain unauthorized access to web application databases by appending malicious code strings to database queries.
Attackers manipulate SQL code to provide access to protected resources such as sensitive data and execute malicious SQL statements. Properly executed SQL injection can expose intellectual property, customer data, or private company administrator credentials. Most techniques use command characters that switch the context of a SQL query to perform unexpected actions on the database.
SQL injection attacks can target any application that uses a SQL database, and websites are the most common attack target. Common SQL databases include MySQL, Oracle, and SQL Server. With the advent of NoSQL databases, attackers have discovered similar techniques to perform NoSQL injection.
Learn more in our detailed guide to SQL injection attack (coming soon)
8. Remote Code Execution
Remote code execution (RCE) allows an attacker to execute malicious code remotely on a computer. This vulnerability allows an attacker to take complete control of an affected system with the privileges of the user running the application. After gaining access to the system, attackers often attempt to escalate privileges.
Many other types of attacks listed here could lead to RCE in some circumstances, and a range of vulnerabilities in operating systems and applications enable RCE. Any attack or exploit that enables RCE is considered highly severe and can have disastrous consequences.
Learn more in our detailed guide to remote code execution (coming soon)
9. Credential Stuffing
Credential stuffing is the automatic insertion of stolen credentials into website login forms to gain unauthorized access to user accounts.
Many users reuse the same password and username pairs, so if those credentials are exposed in a data breach or via phishing attacks, they can enable attackers access to multiple systems. Attackers attempt to submit the same credentials to hundreds of websites to gain access to additional accounts.
Credential stuffing is similar to a brute force attack, but instead of trying random strings or dictionaries of common passwords, it uses known passwords obtained in previous breaches.
Learn more in our detailed guide to credential stuffing (coming soon)
10. Advanced Persistent Threat
Advanced persistent threat (APT) is a broad term used to describe an attack in which an intruder or team of intruders gains a long-term presence on a network, usually with the goal of stealing sensitive data.
The targets of these attacks are carefully selected and investigated and often involve large corporate or government networks. Many APT attackers are part of organized cybercrime groups, or might be supported by hostile nation states, meaning they have the resources, technology, and time to conduct highly sophisticated attacks.
APT attackers can use a variety of methods to penetrate a network without being detected. They perform lateral movement, escalate privileges, and deploy malware such as trojans or rootkits that allows them to gain a persistent hold. Attackers may dwell on the network for months or years, continuously exfiltrating valuable data.
Learn more in our detailed guide to advanced persistent threats (coming soon)
11. Supply Chain Attacks
A supply chain attack exploits a weak link in an organization's supply chain. A supply chain is a network of all individuals, organizations, resources, activities and technologies involved in the creation and sale of a product. The supply chain includes all aspects of material delivery, from supplier to manufacturer to end-user delivery.
In several recent attacks, sophisticated attackers targeted the software supply chain, by compromising software components or systems that were trusted by and deployed by thousands of organizations worldwide. This makes it critical for organizations to closely vet the security standards of their vendors, third-party software components, and IT systems.
Learn more in our detailed guide to supply chain attacks
12. Cache Poisoning
Cache poisoning is a network attack in which an attacker injects incorrect information into the Domain Name System (DNS) or web cache to harm users. Attackers use a web server and cache to propagate incorrect information to a DNS server or a target system’s cache, with the goal of delivering malicious Hypertext Transfer Protocol (HTTP) responses to users.
Typically, DNS cache poisoning diverts traffic from legitimate websites to malicious websites controlled by an attacker. This leaves users vulnerable to risks such as malware infection and data theft.
Learn more in our detailed guide to cache poisoning (coming soon)
13. HTTP Request Smuggling
HTTP request smuggling attacks exploit inconsistencies in the way two HTTP servers parse a non-RFC-compliant HTTP request. Typically these are a back-end server and an HTTP-enabled firewall or proxy. The attacker crafts several custom HTTP requests that hide or “smuggle” a malicious request in a seemingly benign request.
Through HTTP smuggling vulnerabilities, attackers can bypass security measures, gain access to sensitive information, and hijack user sessions. This attack can also lead to secondary exploits such as firewall bypass, partial cache poisoning, and cross-site scripting (XSS).
Learn more in our detailed guide to HTTP request smuggling (coming soon)
14. LFI and RFI
Local file inclusion (LFI) is a web vulnerability that can allow an attacker to run or access a file on a vulnerable website or web application. This can allow the attacker to read sensitive files, access sensitive information, and execute arbitrary commands on the back-end server.
Remote file inclusion (RFI) is the process of including remote files by exploiting a vulnerable include file inclusion process implemented in the application. It is different from LFI because it allows an attacker to execute malicious code from an external source, instead of accessing files already present on a local web server.
In an RFI attack, a hacker uses the dynamic file inclusion capability, present in many web frameworks, to upload a malicious external file or script. If a web application accepts user input (such as URL and parameter values) and passes it to the file inclusion mechanism without proper validation, attackers can perform RFI to inject a malicious script or executable.
Learn more in our detailed guide to local file inclusion (coming soon)
An insecure direct object reference (IDOR) attack occurs when an application provides direct access to an object based on custom input from the user. Attackers can gain direct, unauthorized access to resources by changing the value of a parameter to directly point to an object—which might be a database entry or any file on the local system.
This can allow an attacker to bypass authentication and directly access sensitive resources on the system, such as database records and files.
Learn more in our detailed guide to IDOR vulnerabilities
16. Cloud Misconfiguration
Security misconfigurations are common in cloud environments. They happen when security settings are not defined correctly, or insecure default values are used. A simple example is a cloud bucket containing sensitive data, which is exposed to the Internet with no authentication.
Most cloud-based services can be configured securely, but this requires vigilance on the part of the cloud customer. Misconfiguration often occurs when users set up a cloud resource without properly securing it, leaving it open to exploitation by attackers. In other cases, cloud resources may have been properly secured at the time, but may have become insecure due to a new vulnerability or a change to the cloud environment.
Misconfigured compute instances, storage buckets, cloud databases, containers, or software as a service (SaaS) applications (to name only a few types of cloud resources), can easily be detected by attackers using a variety of scanning tools. Many large-scale, highly publicized breaches were the result of cloud misconfigurations that were not detected and remediated in time by the organization. This raises the need for continuous scanning of cloud systems and rapid remediation of security misconfigurations.
Learn more in our detailed guide to security misconfiguration