Cyber Attack Vectors - CSV
Cyber attack vectors refer to the paths and methods used by attackers to infiltrate systems and networks, steal sensitive information, or disrupt operations. These are systematically classified in frameworks such as OWASP Top 10 and MITRE ATT&CK, encompassing various techniques including injection attacks, malware, phishing, DDoS, and authentication failures. Understanding these attack vectors is essential for building effective security countermeasures.
cybersecurity
attack methods
OWASP
MITRE ATT&CK
vulnerabilities
information security
code,slug,name,description,category,mitreTechnique
A01,broken-access-control,Broken Access Control,Vulnerability where restrictions on authenticated users are not properly enforced.,OWASP Top 10,T1078
A02,security-misconfiguration,Security Misconfiguration,"Security settings are defined, implemented, or maintained improperly.",OWASP Top 10,T1562
A03,software-supply-chain-failures,Software Supply Chain Failures,Vulnerabilities from third-party components and build processes.,OWASP Top 10,T1195
A04,cryptographic-failures,Cryptographic Failures,Failures related to cryptography leading to sensitive data exposure.,OWASP Top 10,T1552
A05,injection,Injection,Untrusted data sent to interpreters as part of commands or queries.,OWASP Top 10,T1059
A06,insecure-design,Insecure Design,Security issues from errors or omissions in application design and architecture.,OWASP Top 10,T1071
A07,authentication-failures,Authentication Failures,Identity and authentication mechanisms implemented incorrectly.,OWASP Top 10,T1078
A08,software-data-integrity-failures,Software or Data Integrity Failures,Code and infrastructure that fails to protect against integrity violations.,OWASP Top 10,T1554
A09,logging-alerting-failures,Security Logging and Alerting Failures,"Insufficient logging, detection, monitoring, and incident response.",OWASP Top 10,T1562
A10,mishandling-exceptional-conditions,Mishandling of Exceptional Conditions,"Errors, exceptions, and edge cases not handled securely.",OWASP Top 10,T1499
M01,malware,Malware,System compromise through malicious software.,Malware,T1055
M02,ransomware,Ransomware,Malware that encrypts data and demands ransom.,Malware,T1486
P01,phishing,Phishing,Attack using deceptive communications to steal sensitive information.,Social Engineering,T1566
D01,ddos,DDoS Attack,Distributed Denial of Service attack that cripples systems.,Network Attack,T1498
I01,sql-injection,SQL Injection,Attack that injects malicious SQL into database queries.,Injection Attack,T1190
I02,xss,Cross-Site Scripting (XSS),Attack that injects malicious scripts into web applications.,Injection Attack,T1189
I03,csrf,Cross-Site Request Forgery (CSRF),Attack that forces authenticated users' browsers to send unintended requests.,Injection Attack,T1204
N01,man-in-the-middle,Man-in-the-Middle (MitM),Attack that intercepts communications for eavesdropping or tampering.,Network Attack,T1557
C01,credential-theft,Credential Theft,Attack that steals passwords and authentication information.,Authentication Attack,T1555
C02,privilege-escalation,Privilege Escalation,Attack that escalates from low to high privileges.,Authentication Attack,T1068