QeeqBox's repositories
social-analyzer
API, CLI, and Web App for analyzing and finding a person's profile in 1000 social media \ websites
stored-cross-site-scripting
An adversary may inject malicious content into a vulnerable target
client-side-template-injection
A threat actor may trick a victim into executing native template syntax on a vulnerable target
dom-based-cross-site-scripting
A threat actor may inject malicious content into HTTP requests. The content is not reflected in the HTTP response and executed in the victim's browser.
open-redirect
A threat actor may send a malicious redirection request for a vulnerable target to a victim; the victim gets redirected to a malicious website that downloads an executable file
risk-management
Risk management is the process of identifying, assessing, treating, and monitoring any negative events that affect a company's ability to operate (Preventing them or minimizing their harmful impact)
vertical-privilege-escalation
A threat actor may perform unauthorized functions belonging to another user with a higher privileges level
authentication-bypass
A threat actor may gain access to data and functionalities by bypassing the target authentication mechanism
captcha-bypass
A threat actor may bypass the Completely Automated Public Turing test to tell Computers and Humans Apart (captcha) by breaking the solving logic, human-assisted solving services, or utilizing automated technology
data-compliance
Data compliance is the process of following various regulations and standards to ensure that sensitive digital assets (data) are guarded against loss, theft, and misuse
horizontal-privilege-escalation
A threat actor may perform unauthorized functions belonging to another user with a similar privileges level
session-fixation
A threat actor may trick a user into using a known session identifier to log in. after logging in, the session identifier is used to gain access to the user's account
session-hijacking
A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier
two-factor-authentication-brute-force
A threat actor may lunch brute force to the two-factor authentication (2FA) logic causing unauthorized access to the target
xslt-injection
A threat actor may interfere with an application's processing of extensible stylesheet language transformations (XSLT) for extensible markup language (XML) to read or modify data on the target
xxe-injection
A threat actor may interfere with an application's processing of extensible markup language (XML) data to view the content of a target's files
access-control
Access Control is using security techniques to protect a system against unauthorized access
cross-site-request-forgery
A threat actor may trick an authenticated or trusted victim into executing unauthorized actions on their behalf
data-classification
Data classification defines and categorizes data according to its type, sensitivity, and value
data-security
Safeguarding your personal information (How your info is protected)
identity-and-access-management
The practice of ensuring that people or objects have the right level of access to assets
insecure-deserialization
A threat actor may tamper with a stream that gets deserialized on the target, causing the target to access data or perform non-intended actions
local-file-inclusion
A threat actor may cause a vulnerable target to include/retrieve local file
os-command-injection
A threat actor may inject arbitrary operating system (OS) commands on target
remote-file-inclusion
A threat actor may cause a vulnerable target to include/retrieve remote file
security-controls
Countermeasures or safeguards for detecting, preventing, and mitigating cyber threats and attacks (Protect assets)
server-side-template-injection
A threat actor may alter the template syntax on the vulnerable target to execute commands
session-replay
A threat actor may re-use a stolen or leaked session identifier to access the user's account
sql-injection
A threat actor may alter structured query language (SQL) query to read, modify and write to the database or execute administrative commands for further chained attacks
xpath-injection
A threat actor may alter the XML path language (XPath) query to read data on the target