Cyber Attack Vectors - INI

Cyber attack vectors are the paths and methods attackers use to infiltrate systems and networks, steal sensitive information, or disrupt operations. Frameworks such as the OWASP Top 10 and MITRE ATT&CK classify them systematically, covering techniques that include injection attacks, malware, phishing, DDoS, and authentication failures. Understanding these attack vectors is essential for building effective security countermeasures.

[item.broken-access-control]
code=A01
slug=broken-access-control
name=Broken Access Control
description=Vulnerability where restrictions on authenticated users are not properly enforced.
category=OWASP Top 10
mitreTechnique=T1078

[item.security-misconfiguration]
code=A02
slug=security-misconfiguration
name=Security Misconfiguration
description=Security settings are defined, implemented, or maintained improperly.
category=OWASP Top 10
mitreTechnique=T1562

[item.software-supply-chain-failures]
code=A03
slug=software-supply-chain-failures
name=Software Supply Chain Failures
description=Vulnerabilities from third-party components and build processes.
category=OWASP Top 10
mitreTechnique=T1195

[item.cryptographic-failures]
code=A04
slug=cryptographic-failures
name=Cryptographic Failures
description=Failures related to cryptography leading to sensitive data exposure.
category=OWASP Top 10
mitreTechnique=T1552

[item.injection]
code=A05
slug=injection
name=Injection
description=Untrusted data sent to interpreters as part of commands or queries.
category=OWASP Top 10
mitreTechnique=T1059

[item.insecure-design]
code=A06
slug=insecure-design
name=Insecure Design
description=Security issues from errors or omissions in application design and architecture.
category=OWASP Top 10
mitreTechnique=T1071

[item.authentication-failures]
code=A07
slug=authentication-failures
name=Authentication Failures
description=Identity and authentication mechanisms implemented incorrectly.
category=OWASP Top 10
mitreTechnique=T1078

[item.software-data-integrity-failures]
code=A08
slug=software-data-integrity-failures
name=Software or Data Integrity Failures
description=Code and infrastructure that fails to protect against integrity violations.
category=OWASP Top 10
mitreTechnique=T1554

[item.logging-alerting-failures]
code=A09
slug=logging-alerting-failures
name=Security Logging and Alerting Failures
description=Insufficient logging, detection, monitoring, and incident response.
category=OWASP Top 10
mitreTechnique=T1562

[item.mishandling-exceptional-conditions]
code=A10
slug=mishandling-exceptional-conditions
name=Mishandling of Exceptional Conditions
description=Errors, exceptions, and edge cases not handled securely.
category=OWASP Top 10
mitreTechnique=T1499

[item.malware]
code=M01
slug=malware
name=Malware
description=System compromise through malicious software.
category=Malware
mitreTechnique=T1055

[item.ransomware]
code=M02
slug=ransomware
name=Ransomware
description=Malware that encrypts data and demands ransom.
category=Malware
mitreTechnique=T1486

[item.phishing]
code=P01
slug=phishing
name=Phishing
description=Attack using deceptive communications to steal sensitive information.
category=Social Engineering
mitreTechnique=T1566

[item.ddos]
code=D01
slug=ddos
name=DDoS Attack
description=Distributed Denial of Service attack that cripples systems.
category=Network Attack
mitreTechnique=T1498

[item.sql-injection]
code=I01
slug=sql-injection
name=SQL Injection
description=Attack that injects malicious SQL into database queries.
category=Injection Attack
mitreTechnique=T1190

[item.xss]
code=I02
slug=xss
name=Cross-Site Scripting (XSS)
description=Attack that injects malicious scripts into web applications.
category=Injection Attack
mitreTechnique=T1189

[item.csrf]
code=I03
slug=csrf
name=Cross-Site Request Forgery (CSRF)
description=Attack that forces authenticated users' browsers to send unintended requests.
category=Injection Attack
mitreTechnique=T1204

[item.man-in-the-middle]
code=N01
slug=man-in-the-middle
name=Man-in-the-Middle (MitM)
description=Attack that intercepts communications for eavesdropping or tampering.
category=Network Attack
mitreTechnique=T1557

[item.credential-theft]
code=C01
slug=credential-theft
name=Credential Theft
description=Attack that steals passwords and authentication information.
category=Authentication Attack
mitreTechnique=T1555

[item.privilege-escalation]
code=C02
slug=privilege-escalation
name=Privilege Escalation
description=Attack that escalates from low to high privileges.
category=Authentication Attack
mitreTechnique=T1068