Web-API Attacks All - MindMap

Web & API Vulnerability Mind Map

  • Access Control Issues
    • IDOR
    • BOLA / BFLA
    • Privilege Escalation
    • Mass Assignment
  • Authentication & Session
    • Broken Auth
    • Credential Stuffing
    • Session Fixation
    • JWT Attacks: alg:none, RS256→HS256, kid/jku/x5u
  • OAuth / OIDC
    • Redirect URI Attack
    • Login CSRF
    • Scope Abuse
    • PKCE Bypass
    • IdP Confusion
  • XSS (Cross-Site Scripting)
    • Reflected / Stored / DOM XSS
    • mXSS
    • Trusted Types Bypass
    • CSP Bypass
  • Injection Attacks
    • SQLi
    • Command Injection
    • SSTI
    • NoSQL Injection
    • GraphQL Injection
  • API-Specific
    • CORS Misconfig
    • Rate Limiting Bypass
    • OpenAPI/Swagger Exposure
    • REST Verb Tampering
  • Business Logic
    • Coupon Reuse
    • Re-auth Bypass
    • Infinite Credit Exploit
  • File Upload & Path Issues
    • Unrestricted Upload
    • Double Extension (.php.jpg)
    • MIME Sniffing
    • Path Traversal
  • SSRF & Server-Side Issues
    • SSRF to Metadata
    • Host Header Injection
    • File Read via SSRF
    • AWS/GCP Metadata Access
  • Misconfigurations
    • Directory Listing
    • .env / .git Exposure
    • Verbose Errors
    • Debug Mode
  • Modern / Cloud / Supply Chain
    • Webhook Hijacking
    • Dependency Confusion
    • Token Introspection Bypass
    • Device Flow Abuse
  • Advanced Chaining Attacks
    • XSS + CORS → ATO
    • SSRF → File Read → RCE
    • JWT Header Injection + OAuth
    • SAML/JWT Token Substitution
  • HTTP Request Smuggling
    • CL.TE / TE.CL Techniques
    • Desync Attacks
    • Cache Poisoning via Smuggling