Knowing your enemies
Building a safe website means protecting yourself and your visitors against known and unknown threats, but the internet is huge and you easily get lost.
You can use the list below to see if you aren't missing something
The list is far from complete; but it does cover the whole range from hardly malicious to highly malicious.
The items on the list are also not unique items; some are while others can be seen as categories or subcategories of attacks.
Not an advertisement, but looks like it
Alphabetical list of potentially malicious online activities
(malware etc.) ↑
- Advanced Persistant Threats (APT's)
- Adware
- AI-Powered Attacks
- Application-Layer Attack
- Birthday Attack
- Blended threats
- Boot sector virus
- Bot / Botnet / Zombie
- Brandjacking
- Browser hijacking
- Browser-plugins
- Brute Force Attack
- Business Email Compromise (BEC)
- Clickjacking
- Clone-phishing
- CMS-plugin vulnerabilities
- Code-injection
- Combosquatting
- Command injection
- Comment-spam
- Compiled virus
- Compromised Key Attacks
- Configuration file sniffing
- Converation eavesdropping
- Cookies
- Credential stuffing
- Crimeware
- CRLF injection
- Cross-Site Request Forgery attack (CSRF)
- Cross-Site Scripting (XSS)
- Cryptojacking
- Cryptovirus
- Cybersquatting
- Data Modification attacks
- DDos-attacks
- Deceptive / dangerous pages
- Deceptive third party content
- Dictionary password attack
- DNS-spoofing
- DNS-tunneling
- DOM XSS-attack
- Doppelganger domain
- Drive-by attacks
- E-mail spam
- Eavesdropping attacks
- Exploit(-kits)
- Fake blog (flog)
- File infector virus
- Fileless malware
- Firmware vulnerabilities
- Fuzzing
- Host header injection
- Hybrid malware
- HyperCard viruses
- Insider-threats
- Instant Messaging attack / smishing
- IoT (Internet of Things) attack
- JavaScript with malicious intent
- Junkware
- Keylogger
- LDAP injection
- Links to malicious sources
- Linux malware
- Logic bombs
- Macro-virus
- Mail-command injection: IMAP/SMTP-attack
- Man-In-The-Middle (MITM) attack
- Mass-mailing / messaging worm
- Memory-only malware
- Memory-resident malware
- Mirai
- Multipartite virus
- Network attacks
- Palm OS viruses
- Password-Based Attacks
- Password spraying
- Path (or Directory) Traversal
- Pharming
- Phishing
- Polymorphic code
- Port scanner
- Potentially Unwanted Program (PUP)
- Ransomware
- Redirection attacks (static injection)
- Registry resident malware
- Remote login / hacking attack
- Replay attack
- Rootkit
- SSI / Server-side injections (dynamic injection)
- Session hijacking / disruption / fixation
- Sniffing attacks / packet sniffers
- Social engineering
- Spear-phishing
- Spoofing
- Spyware
- SQL-injection
- Stealth virus
- Tabnabbing
- Technical support scam
- Tracking cookie
- Traffic analysis attack
- Trivial File Transfer Protocol (TFTP)
- Trojan horses / backdoor Trojans
- Typosquatting
- Unclear billing
- Unexpected and/or harmful downloads
- URL-injection
- Virus
- Virus hoax
- Vulnerability
- Watering-hole attack
- Web-Cache poisoning
- Web-Scripting virus
- Whale-phishing / CEO-fraud
- Worm
- Xpath-injection
- XSS worm
- Zero-Day attack
- Zombies