Attack types
XBOW uses a wide range of attack types to test applications. These include agents that exploit specific vulnerability categories and checks that look for common security flaws, such as default credentials.
The pentesting capabilities available are continually evolving and expanding. Some features are experimental and may appear as optional during assessments.
The results of pentesting are reported using the top-level Common Weakness Enumeration (CWE) category for the vulnerability. For more information, see Vulnerability classification.
Comprehensive attack
When you run a comprehensive attack, the assessment uses the default attack types and checks for all the common security flaws.
Default attack types
- Local file inclusion
- Remote code execution
- Cache poisoning
- Open redirect
- Server-side request forgery
- Cross-site scripting
- SQL injection
Tip: Enterprise users can select a subset of the default attack types to run. See Attack strategy.
Common security flaws
- Public and private CVEs
- SSL/TLS issues
- Default credentials
- Exposed tokens and config files
- Information disclosure
- Dynamic application security testing (DAST) checks
- Other misconfigurations
Retests
When you run an assessment to verify that a finding has been fully fixed, only the relevant attack types or checks are run.
Optional attack types (Enterprise only)
Enterprise users can enable attack types that require additional configuration or that are available as a preview release feature.
- Insecure Direct Object References (IDOR) - public preview release
- Application Specific (Custom Canaries)
For more information, see Configure the attack types to run.
Related content
- Guiding XBOW testing for experts (Enterprise users)
- Vulnerability classification