Application Common Attack Vectors (A-CAV)

Hackitca Attack Index

🟧 1. Web Exploits (Request-Based Attacks)

  • SQL Injection
  • OS Command Injection
  • Remote/Local File Inclusion (RFI/LFI)
  • Directory Traversal / Path Traversal
  • HTTP Smuggling
  • HTTP Request Splitting
  • Buffer Overflow
  • Server Misconfiguration
  • Improper Input Handling
  • Web Defacement

🟨 2. Client-Side Attacks

  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Clickjacking
  • Autocomplete Attribute Abuse
  • Weak Password Recovery Validation

🟩 3. Server-Side Attacks (Session & State Manipulation)

  • Session Fixation
  • Session Prediction
  • Persistent Session Cookies
  • Insufficient Session Expiration
  • Non-HttpOnly Cookies
  • Unsecured Cookies
  • Credential Leakage via Session
  • HTTP Response Splitting

🟦 4. Protocol & Structure Exploits

  • Invalid HTTP Method Usage
  • Null Byte Injection
  • Format String Attacks
  • Malformed HTTP Requests
  • JSON/XML Structure Misuse

🟪 5. Information Disclosure

  • Error Message Display
  • Server/Application Fingerprinting
  • Directory Guessing
  • Predictable Resource Location

🟥 6. Flooding & Slow Attacks

  • Slowloris
  • Slow Read
  • Slow POST

⬛ 7. Business Logic & Abuse Attacks

  • Brute Force Login
  • Credential Stuffing
  • Denial of Service (DoS)
  • Web Scraping
  • Automated Bots