Cyber Attack Vectors - TSV

Cyber attack vectors are the paths and methods attackers use to infiltrate systems and networks, steal sensitive information, or disrupt operations. They are systematically classified in frameworks such as the OWASP Top 10 and MITRE ATT&CK, and include techniques such as injection attacks, malware, phishing, DDoS, and authentication failures. Understanding these attack vectors is essential for building effective security countermeasures.

cybersecurity, attack methods, OWASP, MITRE ATT&CK, vulnerabilities, information security
code	slug	name	description	category	mitreTechnique
A01	broken-access-control	Broken Access Control	Vulnerability where restrictions on authenticated users are not properly enforced.	OWASP Top 10	T1078
A02	security-misconfiguration	Security Misconfiguration	Security settings are defined, implemented, or maintained improperly.	OWASP Top 10	T1562
A03	software-supply-chain-failures	Software Supply Chain Failures	Vulnerabilities from third-party components and build processes.	OWASP Top 10	T1195
A04	cryptographic-failures	Cryptographic Failures	Failures related to cryptography leading to sensitive data exposure.	OWASP Top 10	T1552
A05	injection	Injection	Untrusted data sent to interpreters as part of commands or queries.	OWASP Top 10	T1059
A06	insecure-design	Insecure Design	Security issues from errors or omissions in application design and architecture.	OWASP Top 10	T1071
A07	authentication-failures	Authentication Failures	Identity and authentication mechanisms implemented incorrectly.	OWASP Top 10	T1078
A08	software-data-integrity-failures	Software or Data Integrity Failures	Code and infrastructure that fails to protect against integrity violations.	OWASP Top 10	T1554
A09	logging-alerting-failures	Security Logging and Alerting Failures	Insufficient logging, detection, monitoring, and incident response.	OWASP Top 10	T1562
A10	mishandling-exceptional-conditions	Mishandling of Exceptional Conditions	Errors, exceptions, and edge cases not handled securely.	OWASP Top 10	T1499
M01	malware	Malware	System compromise through malicious software.	Malware	T1055
M02	ransomware	Ransomware	Malware that encrypts data and demands ransom.	Malware	T1486
P01	phishing	Phishing	Attack using deceptive communications to steal sensitive information.	Social Engineering	T1566
D01	ddos	DDoS Attack	Distributed Denial of Service attack that cripples systems.	Network Attack	T1498
I01	sql-injection	SQL Injection	Attack that injects malicious SQL into database queries.	Injection Attack	T1190
I02	xss	Cross-Site Scripting (XSS)	Attack that injects malicious scripts into web applications.	Injection Attack	T1189
I03	csrf	Cross-Site Request Forgery (CSRF)	Attack that forces authenticated users' browsers to send unintended requests.	Injection Attack	T1204
N01	man-in-the-middle	Man-in-the-Middle (MitM)	Attack that intercepts communications for eavesdropping or tampering.	Network Attack	T1557
C01	credential-theft	Credential Theft	Attack that steals passwords and authentication information.	Authentication Attack	T1555
C02	privilege-escalation	Privilege Escalation	Attack that escalates from low to high privileges.	Authentication Attack	T1068