A threat actor may re-use a stolen or leaked session identifier to access the user's account

Data classification defines and categorizes data according to its type, sensitivity, and value

Data states refer to structured and unstructured data divided into three categories (At Rest, In Use, and In Transit)

A threat actor may cause a vulnerable target to include/retrieve remote file

A threat actor may alter structured query language (SQL) query to read, modify and write to the database or execute administrative commands for further chained attacks

A threat actor may alter the XML path language (XPath) query to read data on the target

A threat actor may cause a vulnerable target to include/retrieve local file

The practice of ensuring that people or objects have the right level of access to assets

Access Control is using security techniques to protect a system against unauthorized access

Safeguarding your personal information (How your info is protected)

Countermeasures or safeguards for detecting, preventing, and mitigating cyber threats and attacks (Protect assets)

A threat actor may tamper with a stream that gets deserialized on the target, causing the target to access data or perform non-intended actions

A threat actor may alter the template syntax on the vulnerable target to execute commands

A threat actor may trick an authenticated or trusted victim into executing unauthorized actions on their behalf

A threat actor may guess the target credentials using a single password with a large set of usernames against the target

Data Lifecycle Management (DLM) is a policy-based model for managing data in an organization

A threat actor may inject arbitrary operating system (OS) commands on target

A threat actor may interfere with an application's processing of extensible markup language (XML) data to view the content of a target's files

A threat actor may guess the target credentials using a known username and password pairs gathered from previous brute-force attacks

A threat actor may gain unauthorized access using the default username and password