Attack types
XBOW uses a wide range of attack types to test applications. These include agents that exploit specific vulnerability categories, and checks that look for common security flaws such as default credentials.
The pentesting capabilities available are continually evolving and expanding. Some features are experimental and may appear as optional during assessments.
Each finding is reported under the top-level Common Weakness Enumeration (CWE) category for the vulnerability. For more information, see Vulnerability classification.
Specific categories of attack
Enterprise users can select a subset of attack types so that all pentesting agents focus only on those categories. This enables more focused, in-depth testing of the selected vulnerability categories.
- Local file inclusion
- Remote code execution
- Cache poisoning
- Open redirect
- Server-side request forgery
- Cross-site scripting
- SQL injection
Common security flaws
These checks run on every assessment, except for assessments that only verify that previously reported vulnerabilities have been fixed.
- Public and private CVEs
- SSL/TLS issues
- Default credentials
- Exposed tokens and config files
- Information disclosure
- Dynamic application security testing (DAST) checks
- Other misconfigurations
Related content
- Define an assessment type (Enterprise users)
- Vulnerability classification