Target Acquisition/Fingerprinting (170)
VulnerabilityScanning (116)
VulnerabilityExploitation
ExploitationVerification
XSSRemote FileInclude
Local FileInclude
DirectoryTraversal
Weakness Identification& Exploitation PUSH
Flood
HTTPFlood Attacks
(448)
ResourceExhaustion
GETFlood
POSTFlood
ApplicationModification
Man-in-theBrowser
AdvertInjection
Layer 7HTTP DoS
Layer 7Application DoS
HTTPSlow Attacks
Slow POST SlowlorisSlow GET
HEADFlood
RecursiveSimple
LOIC
Slow Read
Railgun
Slow HEAD
Random URL Random Search
CostEscalation
IT ServiceProvider Charges
Auto-ScalingCloud Services'Cash Overflow'
Bandwidth
TransactionCharges
FinancialTransactions
DeliveryCosts
HumanResources
DatabaseRead/Write
Memory
FileSystem
FunctionAbuse
BusinessLogic DoS
Application ServerResource DoS
(130)
Operating System
Disk Caching
Temporary Files
User GeneratedContent (Files)
CPU
Logs
InefficientCode/Queries
Sevice/GoodsDoS
Sold Out
AllocationGone
ExcessiveSession Data
BufferOverflow
Failure toRelease Resources
Control byUser Input
Threads
Processes
ResourceLocking
TrafficSpikes
Monitoring
Testing
UptimeMalware
Search EngineCrawl
SlashdotEffect
LinkChecking
Search EngineAlerting Tools Search Engines
Marketing
Functional
Non-Functional
User-SpecificDoS
Spam
SMS
Disruption
Disablement
LoopCounter
ObjectCreation
InventorySize
Hash DoS
Regular ExpressionExponential Blowup
(492)
Social MediaBots & Service
Agents
AutomatedAuditing
Acts of God
Indexing
FileUpload
DataParsing
ServerApplication
ClientApplication
Active
Passive
OS CommandInjection
ParameterTampering
SQLInjectionCSRF
XML EntityExpansion
XML AttributeBlowup
AccountLockout (2)
ExcessiveAnti-FraudMeasures
ContentAddition
FakeAccount
Add/ChangeUser Generated
Content
Misuse as aDistribution
Channel
FormHijacking
Form to SMSSpam
PhysicalWorldEffects
Form to EmailSpam
Malware
Advertisements
Photographsand Videos
System ComponentGeneration
Application
Host
UnauthorisedApplication
UnauthorisedFile Store
AttackPlatform
Bot
Command &Control Server
Amplification(490)
AttackInternal System
InternetMappers
Response/Blog/Comment Spam
SEOElevation
AutomatedPosts
InfluenceOthers
UndermineReputation
Dilute/HideOthers'Posts
CauseMischief
SearchEngine
Blacklisting
Anti-SpamCheck DoS
ReverseLookup
PingBack
ReputationCheck
SSLFlood(489)
AssetExtraction
Content
Logic
Scraping
MediaScraping
WebScraping
DatabaseScraping
MemoryScraping
ReverseEngineering
(188, 189, 192)
Source CodeExtraction
(167)
ApplicationAnalysis
Cryptanalysis(97)
IdentityTheft
SystemCredential Theft
BusinessInformation Theft
Harvesting/Theft
TradeSecrets
IntellectualProperty Theft
PersonalData Theft
AccountCredentials
CredentialStuffing
CrackingLogins
Operator
Application
User
Ransomware
AuthenticationBypass
SessionHijacking
AccountHijacking
Fiat Money
Authentication &Session Management
Analysis
AccountCredential
Theft
PersonalAsset Theft
Financial Instruments
Virtual Assets
Awards and Points
PersonalData Misuse
PhysicalAssets
Status
Score
Virtual Currency
Credit
Reputation
Identity
ClientCode Injection
Social MediaIdentity Cloning
Forceful BrowsingFiles and Directories
(87)Fuzzing
(113)
Data Aggregation
ComparisonSites
CompetitorsIndexers &Search Crawlers
IdentityFraud
Researchers
Customer/Client/Citizen
Theft
PublicInformation
ApprovedAggregators
HumanTrafficking
IllegalImmigration
DrugTrafficking
Endangered SpeciesTrafficking
Trafficking
Online &Offline Scams
AccountUsernameHarvesting
Email AddressHarvesting
Intermediary
Trojans &Toolkits
Brute-Force(49)
Dictionary
Guessing
EnhanceReputationGain
Fame
Defacement
ContentSpoofing
HTMLinjection
TextInjection
VulnerabilityScanning
NetworkEnumeration
AnotherApplication
AttackExternal System
ServerApplication
ClientApplication
VulnerabilityScanning
Bot
Denial of Service
Spamming
BitcoinMining
Proxy Network
NetworkEnumeration
BrowserHistory
Phishing
Reverse Shell
Denial of Service
StolenAssets
ChildAbuse
IFrameDistribution
PrivacyViolation
DataMining
UserTracking
MassSurveillance
IllegitamagePersonal Data
Processing
UncolicitedCommunications
AccuracyDegradation
VirtualLocations
PhysicalLocations
CORSAbuse
Web SocketsAbuse
CSRFCORSjacking &
ClickJacking
Web Storage &DOM Extraction
SQLInjection
Web Messaging & WebWorkers Injection
Widget & GadgetAbuse
Cross-SitePosting
Client-SideRemote File
IncludeCache
Poisoning
AttackPersistence
AccountAggregation
SocialNetworks
FinancialPortfolios
ServerCode Injection
Third-PartyHosted Content
VulnerableComponent
PoweringAPI
Change
LanguageTranslation
ContentCache
Device-SpecificRendering
Speed
FeedFetcher
Social MediaBots & Service
Agents
FeedFetchers
Sniping &Scalping
Fraud
PaymentCard Abuse
Brute ForcingData
Carding
CashingOut
BookingSystems
Anti-AutomationBypass
CAPTCHABreaking
DNSAmplification
SMTPAmplification
NTPAmplification
ProcessAutomation
RestaurantReservation
Speed Booking
AuctionSniping
TicketScalping
Cheating
Coupon/Voucher/Discount Enumeration
Prize Draws
BiasingMetrics
SaleStampede Queue
Jumping
Hit Counts
ImpressionFraud
ClickFraud
AdvertsAdverts
HistoryTampering
FormTampering
eShopLifting
RevenueRedirection
Refunds
Cancelations
Returns
Pricing(162)
Purchasing
Game Playing
Trading
Betting
CollectingMoney
SurveyFraud Consultations
Polls
Voting
Likes &Favourites
Complaints
CachePoisoning
Client AccessTrojaning
Boy in theBrowser
Reflection
Auto Binding
Open Redirect
ApplicationWorm
Footprinting(169)
PaymentDiversion
ChangedAffilliate
MaliciousSoftware
Implanted(439)
ConfigurationData
ModificationPoor
Configuration
BandwidthStealing
Gold Farming
Black HatSEO
Black HatSEM
ReferrerSpam
Search EngineImpersonation
CookieStuffing
DuplicatedApplication
Phishing
Usernames
Passwords
Pharming
DNS
DNS Spoofing
DNS Query Attacks
DNS Transfer
DNS Update
Pagejacking
SellingCounterfeit Goods
MicroDeposits Refunds
Web BrowserTools (211)
MaliciousSoftwareUpdate(186)
MaliciousSoftware
Download(185)
WDSLScanning (95)
ParameterNames
ParameterValues
Methods
Debug andTesting Options
(133)
PasswordRecovery
(50)
API and Micro-ServiceDiscovery (179)
Monitor TemporaryFiles (155)
SOAP ArrayBlowup (493)
Sustained ClientEngagement (227)
ForcedDeadlock (25)
MemoryLeak (131)
XML Pingof Death (147)
XMLFlood
XML EntityExpansion (197)
XML QuadraticExpansion (491)
XML EntityBlowup (201)
XML AttributeBlowup (229)
ExamineDev/TestSystems
(121)
MemoryCorruption
(124)
Evercookie(464)
Browser/DeviceFingerprinting
Warez
Imagecrash
Game Hacking
Data Modification
OpponentDisruption
MemoryScanning
MemoryModification
Denial OfService
Cyber Squatting
Man-on-the-Side
SpearPhishing
SearchHistory
Financial
Medical
Criminal
AttackIndividual
Bullying
Grooming
Copyright
Trademarks
Reidentification
ChargebackDoS
Blacklisting
BargainHunting
PriceMonitoring
DefenceDoS
Web ApplicationFirewall (WAF)
AppSensor
Election
Junk MailSpam
Site Masquerading
Third PartyDoS
Cloud SecurityService Provider
ContentDistribution
Network
Third-PartyHostedContent
Third-PartyHostedService
Other SecurityService Provider
Backdoor
Plugin
Theme
Spoofed or CrackedSocial Login
SpoilerSniffing
Shared Data(124)
UntrustedCode
PermissionsAbuse
HTMLInjection
AutoBinding
ReflectionInjection
RIA PolicyAbuse
ExposedReflection
OWASP Automated Threats to Web Applications ProjectOWASP Automated Threats to Web ApplicationsSummary of research for ontology (threats and attacks, with some vulnerabilities and outcomes)............................................................................................................................................................................................................................
https://www.owasp.org/index.php/OWASP_Automated_Threats_to_Web_Applicationsv1.00