Application Common Attack Vectors (A-CAV)

Server Side Attacks – Request
HTTP Response Splitting
Information Leakage
Error messages display
Session and cookies
Credential/Session Prediction
Non-HttpOnly Session Cookie
Unsecured Session Cookie
Insufficient Session Expiration
Session Fixation
Persistent Session Cookie
Server Side Attacks – Response
HTTP Response Splitting
Information Leakage
Error messages display
Session and cookies
Credential/Session Prediction
Non-HttpOnly Session Cookie
Unsecured Session Cookie
Insufficient Session Expiration
Session Fixation
Persistent Session Cookie


Web Exploit – Request
Directory Traversal
Path Traversal
Buffer Overflow
SQL Injection
Improper Input Handling
Server Misconfiguration
OS Command Injection
RFI / LFI
Web defacement
HTTP Request Splitting
HTTP smuggling
Client side attacks
Autocomplete Attribute
Cross Site Scripting
Cross Site Request Forgery
Weak Password Recovery Validation
Clickjacking

Protocols attacks
Invalid HTTP Method Usage
Null Byte Injection
Format string attacks
HTTP structure
JSON structure misuse
HTTP Response Splitting

Information Leakage
Error messages display
Fingerprinting
Directory guessing
Predictable Resource Location
Floods and Slow attacks
Slowloris
Slow read
Slow post
Session and cookies
Credential/Session Prediction
Non-HttpOnly Session Cookie
Unsecured Session Cookie
Insufficient Session Expiration
Session Fixation
Persistent Session Cookie
Business Attacks
Web scraping
Denial of Service
Brute Force
Credential stuffing
Bots