List of All Web Application Attacks

Hello my fellow noob! I have curated a list of nearly all possible attacks related to web applications.

First of all, don’t confuse a vulnerability with an attack. A vulnerability is a weakness, while an attack is what an attacker does to exploit that weakness.

For example, if a web app isn’t filtering user input, it’s a vulnerability, but if an attacker uses this to execute commands on the web server, that would be a Remote Command Injection attack.
Making a list of vulnerabilities wasn’t easy for me, so I just made a list of attacks. After all, that’s all you need, right?

Web Application Attacks List

  • Arbitrary file access
  • Binary planting
  • Blind SQL Injection
  • Blind XPath Injection
  • Brute force attack
  • Buffer overflow attack
  • Cache Poisoning
  • Cash Overflow
  • Clickjacking
  • Command injection attacks
  • Comment Injection Attack
  • Content Security Policy
  • Content Spoofing
  • Credential stuffing
  • Cross Frame Scripting
  • Cross Site History Manipulation (XSHM)
  • Cross Site Tracing
  • Cross-Site Request Forgery (CSRF)
  • Cross Site Port Attack (XSPA)
  • Cross-Site Scripting (XSS)
  • Cross-User Defacement
  • Custom Special Character Injection
  • Denial of Service
  • Direct Dynamic Code Evaluation (‘Eval Injection’)
  • Execution After Redirect (EAR)
  • Exploitation of CORS
  • Forced browsing
  • Form action hijacking
  • Format string attack
  • Full Path Disclosure
  • Function Injection
  • Host Header injection
  • HTTP Response Splitting
  • HTTP verb tampering
  • HTML injection
  • LDAP injection
  • Log Injection
  • Man-in-the-browser attack
  • Man-in-the-middle attack
  • Mobile code: invoking untrusted mobile code
  • Mobile code: non-final public field
  • Mobile code: object hijack
  • One-Click Attack
  • Parameter Delimiter
  • Page takeover
  • Path Traversal
  • Reflected DOM Injection
  • Regular expression Denial of Service – ReDoS
  • Repudiation Attack
  • Resource Injection
  • Server-Side Includes (SSI) Injection
  • Session fixation
  • Session hijacking attack
  • Session Prediction
  • Setting Manipulation
  • Special Element Injection
  • SMTP injection
  • SQL Injection
  • SSI injection
  • Traffic flood
  • Web Parameter Tampering
  • XPATH Injection
  • XSRF or SSRF

That’s a huge list! So go to Google and start reading about them.
Good luck!

If I missed something, let me know in the comments. Thanks!

Sources: OWASP, my memory and the internet

About the author


I am Somdev Sangwan, also known as D3V. I am a n00b and I love computers and hacking. I am a Python freak and your friendly neighborhood hacker.
