The preceding vulnerability list can be compromised through various attacks. In-house developed software or acquired software should be thoroughly tested for various attack scenarios, and their impact has to be determined. The following list provides some of the common application attacks that need to be tested in applications:
Abuse of functionality
Data structure attacks
Exploitation of authentication
Injection such as code injection or SQL injection
Malicious code attack
Path traversal attack
Probabilistic techniques
Protocol manipulation
Resource depletion
Resource manipulation
Sniffing attacks
Spoofing
Note
Many of these listed attacks are explained in the previous chapters.