The Advanced Threat Reporting Portal and our monthly reports refer to the "Attack Type" of a particular threat against your site.
It is possible that a single HTTP request may be associated with more than one attack type, and so the attack types are not mutually exclusive.
A summary of the various attack types is below.
Attack Type | Description |
Buffer overflow | Buffer overflow exploits are attacks that alter the flow of an application by overwriting parts of memory. |
Directory indexing | Automatic directory listing/indexing is a web server function that lists all of the files within a requested directory if the normal base file is not present. |
Authentication/authorization attacks | Authentication section covers attacks that target a website's method of validating the identity of a user, service, or application. Authorization section covers attacks that target a website's method of determining if a user, service, or application has the necessary permissions to perform a requested action. |
Information leakage | Information leakage is when a website reveals sensitive data, such as developer comments or error messages, which may aid an attacker in exploiting the system. |
Predictable resource location | Predictable resource location is an attack technique used to uncover hidden website content and functionality. |
Command execution | Command execution attacks are those where an attacker manipulates the data for a user-input field by submitting commands with the intent of altering the web page content or web application, with the intent of executing a shell command on a remote server to reveal sensitive data (for example, a list of users on a server). |
Vulnerability scan | A vulnerability scan is an attack technique that uses an automated security program to probe a web application for software vulnerabilities. |
Brute force | A brute force attack is an outside attempt by hackers to access post-logon pages of a website by guessing usernames and passwords; brute force attacks are performed when a malicious user attempts to log on to a URL numerous times, running many combinations of usernames and passwords until the user successfully logs on. |
Denial of Service | Denial of service (DoS) is an attack technique that overwhelms system resources to prevent a web site from serving normal user activity. |
Trojan/Backdoor/Spyware | Attackers use Trojan horse, backdoor, and spyware attacks to try to circumvent a web server's or web application's built-in security by masking the attack within a legitimate communication. For example, an attacker may include an attack in an email or Microsoft Word document, and when a user opens the email or document, the attack launches. |
Other application attacks | This attack category represents attacks that do not fit into the more explicit attack classifications. |
Abuse of functionality | Abuse of functionality is an attack technique that uses a website's own features and functionality to consume, defraud, or circumvent the application's access control mechanisms. |
Cross-site scripting (XSS) | Cross-site scripting (XSS) is an attack technique that forces a website to echo attacker-supplied executable code, which loads in a user's browser. |
Server-side code injection | SSI injection (server-side include) is a server-side exploit technique that allows an attacker to send code into a web application, which is then run locally by the web server. |
SQL injection | SQL Injection is an attack technique used to exploit websites that construct SQL statements from user-supplied input. |
Detection evasion | Detection evasion is an attack technique that attempts to disguise or hide an attack to avoid detection by an attack signature. |
Path traversal | The path traversal attack technique forces access to files, directories, and commands that potentially reside outside the web document root directory. |
LDAP injection | LDAP injection is an attack technique used to exploit web sites that construct LDAP statements from user-supplied input. |
Forceful Browsing | Forceful Browsing attacks attempt to access data outside the specific access schema of the application. |
HTTP parser attack | HTTP parser attacks attempt to execute malicious code, extract information, or enact Denial of Service by targeting the HTTP parser directly. |
HTTP Request Smuggling | HTTP Request Smuggling attacks attempt to encapsulate one request within another request through a web proxy. |
HTTP Response Splitting | HTTP Response Splitting attacks attempt to manipulate the server into injecting a CR/LF sequence in its response headers. |
Injection Attempt | Injection Attempt attacks exploit weaknesses in various other applications in order to inject and/or execute malicious code. |
Malicious File Upload | Malicious File Upload attacks attempt to exploit services by uploading files that may contain malicious code. |
Non Browser Client | Non Browser Client attacks use crawlers or other scripts to simulate human activity. |
Other application activity | This attack category represents attacks that do not fit into the more explicit attack classifications. |
Parameter tampering | Parameter Tampering attacks attempt to manipulate and capture data by modifying parameters in HTTP query strings. |
Remote file include | Remote file location attacks attempt to exploit web applications that may retrieve and execute the code included in remote files. |
Server side code injection | Server side code injection attempts to exploit weakness in applications and services to force those services to execute malicious code. |
Session Hijacking | Session hijacking attacks attempt to hijack a valid extant user session. |
Web Scraping | Web scraping attacks simulate human exploration of the Web to harvest site information. |
XML Parser Attack | XML parser attacks attempt to execute malicious code or enact a Denial of Service by targeting the XML parser directly. |
XPath Injection | XPath Injection is an attack technique used to exploit applications that construct XPath (XML Path Language) queries from user-supplied input to query or navigate XML documents. |