[+] Cross Frame Scripting
[+] Cross Site History Manipulation (XSHM)
[+] Cross Site Tracing
[+] Cross-Site Request Forgery (CSRF)
[+] Cross Site Port Attack (XSPA)
[+] Cross-Site Scripting (XSS)
[+] Cross-User Defacement
[+] Custom Special Character Injection
[+] Denial of Service
[+] Direct Dynamic Code Evaluation (Eval Injection)
[+] Execution After Redirect (EAR)
[+] Exploitation of CORS
[+] Forced browsing
[+] Form action hijacking
[+] Format string attack
[+] Full Path Disclosure
[+] Function Injection
[+] Host Header injection
[+] HTTP Response Splitting
[+] HTTP verb tampering
[+] HTML injection
[+] LDAP injection
[+] Log Injection
[+] Man-in-the-browser attack
[+] Man-in-the-middle attack
[+] Mobile code: invoking untrusted mobile code
[+] Mobile code: non-final public field
[+] Mobile code: object hijack
[+] One-Click Attack
[+] Parameter Delimiter
[+] Page takeover
[+] Path Traversal
[+] Reflected DOM Injection
[+] Regular expression Denial of Service – ReDoS
[+] Repudiation Attack
[+] Resource Injection
[+] Server-Side Includes (SSI) Injection
[+] Session fixation
[+] Session hijacking attack
[+] Session Prediction
[+] Setting Manipulation
[+] Special Element Injection
[+] SMTP injection
[+] SQL Injection
[+] SSI injection
[+] Traffic flood
[+] Web Parameter Tampering
[+] XPATH Injection
[+] XSRF or SSRF
[+] Sql Injection Attack
[+] Hibernate Query Language Injection
[+] Direct OS Code Injection
[+] XML Entity Injection
[+] Broken Authentication and Session Management
[+] Cross-Site Scripting (XSS)
[+] Insecure Direct Object References
[+] Security Misconfiguration
[+] Sensitive Data Exposure
[+] Missing Function Level Access Control
[+] Cross-Site Request Forgery (CSRF)
[+] Using Components with Known Vulnerabilities
[+] Unvalidated Redirects and Forwards
[+] Cross Site Scripting Attacks
[+] Click Jacking Attacks
[+] DNS Cache Poisoning
• • •
Missing some Tweet in this thread? You can try to
force a refresh