Advanced Threat Reporting Portal - Attack Types

The Advanced Threat Reporting Portal and our monthly reports refer to the "Attack Type" of a particular threat against your site.

It is possible that a single HTTP request may be associated with more than one attack type, and so the attack types are not mutually exclusive.

A summary of the various attack types is below.


| Attack Type | Description |
| --- | --- |
| Buffer overflow | Buffer overflow exploits are attacks that alter the flow of an application by overwriting parts of memory. |
| Directory indexing | Automatic directory listing/indexing is a web server function that lists all of the files within a requested directory if the normal base file is not present. |
| Authentication/authorization attacks | Authentication attacks target a website's method of validating the identity of a user, service, or application. Authorization attacks target a website's method of determining if a user, service, or application has the necessary permissions to perform a requested action. |
| Information leakage | Information leakage is when a website reveals sensitive data, such as developer comments or error messages, which may aid an attacker in exploiting the system. |
| Predictable resource location | Predictable resource location is an attack technique used to uncover hidden website content and functionality. |
| Command execution | Command execution attacks are those where an attacker manipulates the data for a user-input field by submitting commands with the intent of altering the web page content or web application, or with the intent of executing a shell command on a remote server to reveal sensitive data (for example, a list of users on a server). |
| Vulnerability scan | A vulnerability scan is an attack technique that uses an automated security program to probe a web application for software vulnerabilities. |
| Brute force | A brute force attack is an outside attempt by hackers to access post-logon pages of a website by guessing usernames and passwords; brute force attacks are performed when a malicious user attempts to log on to a URL numerous times, running many combinations of usernames and passwords until the user successfully logs on. |
| Denial of Service | Denial of service (DoS) is an attack technique that overwhelms system resources to prevent a web site from serving normal user activity. |
| Trojan/Backdoor/Spyware | Attackers use Trojan horse, backdoor, and spyware attacks to try to circumvent a web server's or web application's built-in security by masking the attack within a legitimate communication. For example, an attacker may include an attack in an email or Microsoft Word document, and when a user opens the email or document, the attack launches. |
| Other application attacks | This attack category represents attacks that do not fit into the more explicit attack classifications. |
| Abuse of functionality | Abuse of functionality is an attack technique that uses a website's own features and functionality to consume, defraud, or circumvent the application's access control mechanisms. |
| Cross-site scripting (XSS) | Cross-site scripting (XSS) is an attack technique that forces a website to echo attacker-supplied executable code, which loads in a user's browser. |
| Server-side code injection | SSI injection (server-side include) is a server-side exploit technique that allows an attacker to send code into a web application, which is then run locally by the web server. |
| SQL injection | SQL injection is an attack technique used to exploit websites that construct SQL statements from user-supplied input. |
| Detection evasion | Detection evasion is an attack technique that attempts to disguise or hide an attack to avoid detection by an attack signature. |
| Path traversal | The path traversal attack technique forces access to files, directories, and commands that potentially reside outside the web document root directory. |
| LDAP injection | LDAP injection is an attack technique used to exploit web sites that construct LDAP statements from user-supplied input. |
| Forceful Browsing | Forceful Browsing attacks attempt to access data outside the specific access schema of the application. |
| HTTP parser attack | HTTP parser attacks attempt to execute malicious code, extract information, or enact Denial of Service by targeting the HTTP parser directly. |
| HTTP Request Smuggling | HTTP Request Smuggling attacks attempt to encapsulate one request within another request through a web proxy. |
| HTTP Response Splitting | HTTP Response Splitting attacks attempt to manipulate the server into injecting a CR/LF sequence in its response headers. |
| Injection Attempt | Injection Attempt attacks exploit weaknesses in various other applications in order to inject and/or execute malicious code. |
| Malicious File Upload | Malicious File Upload attacks attempt to exploit services by uploading files that may contain malicious code. |
| Non Browser Client | Non Browser Client attacks use crawlers or other scripts to simulate human activity. |
| Other application activity | This attack category represents attacks that do not fit into the more explicit attack classifications. |
| Parameter tampering | Parameter Tampering attacks attempt to manipulate and capture data by modifying parameters in HTTP query strings. |
| Remote file include | Remote file location attacks attempt to exploit web applications that may retrieve and execute the code included in remote files. |
| Server side code injection | Server side code injection attempts to exploit weaknesses in applications and services to force those services to execute malicious code. |
| Session Hijacking | Session hijacking attacks attempt to hijack a valid extant user session. |
| Web Scraping | Web scraping attacks simulate human exploration of the Web to harvest site information. |
| XML Parser Attack | XML parser attacks attempt to execute malicious code or enact a Denial of Service by targeting the XML parser directly. |
| XPath Injection | XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents. |