The Web Parameter Tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as ...

The attack aims to explore flaws in the decoding mechanism implemented on applications when decoding Unicode data format. An attacker can use this technique to ...

A Trojan Horse is a program that uses malicious code masqueraded as a trusted application. The malicious code can be injected on benign applications, ...

Traffic Flood is a type of DoS attack targeting web servers. The attack explores the way that the TCP connection is managed. The attack consists of the ...

Spyware is a program that captures statistical information from a user's computer and sends it over internet without user acceptance. This information is ...

Special Element Injection is a type of injection attack that exploits a weakness related to reserved words and special characters. Every programming language ...

This attack aims to modify application settings in order to cause misleading data or advantages on the attacker's behalf. They may manipulate values in the ...

The Session Hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed for a session token. Because http ...

Session Fixation is an attack that permits an attacker to hijack a valid user session. The attack explores a limitation in the way the web application manages ...

The session prediction attack focuses on predicting session ID values that permit an attacker to bypass the authentication schema of an application. By ...

In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can ...

SSIs are directives present on Web applications used to feed an HTML page with dynamic contents. They are similar to CGIs, except that SSIs are used to execute ...

A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection ...

A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection ...

Reverse tabnabbing is an attack where a page linked from the target page is able to rewrite that page, for example to replace it with a phishing site. As the ...

This attack consists of changing resource identifiers used by an application in order to perform a malicious task. When an application defines a resource type ...

A repudiation attack happens when an application or system does not adopt controls to properly track and log users' actions, thus permitting malicious ...

The Regular expression Denial of Service (ReDoS) is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach ...

Reflected DOM Injection, or RDI, is a form of Stored Cross-Site Scripting. The outline of the attack is as follows: Crawler G retrieves data elements ...

QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely ...