Common Attack vectors#

Common attack vectors are:

  • Analysis of vulnerabilities in compiled software without source code

  • Anti-forensic techniques

  • Automated probes and scans

  • Automated widespread attacks

  • Client validation in AJAX routines

  • Cross-site scripting in AJAX

  • Cryptographic Performance Attacks

  • Cyber-threats & bullying (not illegal in all jurisdictions)

  • DoS Attacks

  • Email propagation of malicious code

  • Executable code attacks (against browsers)

  • Exploiting Vulnerabilities

  • GUI intrusion tools

  • HTTPS Interception

  • Industrial espionage

  • Internet social engineering attacks

  • Malicious AJAX code execution

  • Network sniffers

  • Packet Manipulation

  • Packet spoofing

  • Parameter manipulation with SOAP

    • Replay Attack

  • RIA thick client binary vector

  • Rogue Master Attack

  • RSS Atom Injection

  • Session-hijacking

  • Side-channel attack

  • Sophisticated botnet command and control attacks

  • Spoofing

  • Stealth and other advanced scanning techniques

  • Targeting of specific users

  • Web service routing issues

  • Wide-scale trojan distribution

  • Wide-scale use of worms

  • Widespread attacks on DNS infrastructure

  • Widespread attacks using NNTP to distribute attack

  • Widespread, distributed denial-of-service attacks

  • Windows-based remote access trojans (Back Orifice)

  • WSDL scanning and enumeration

  • XML Poisoning

  • XPATH injection in SOAP message

It is recommended that you specify in your solution architecture the attack vectors that apply to your use case. Remember to put the explanation of the attack vectors used in an appendix, since not all your stakeholders know what e.g. ‘Spoofing’ is.