Attack Vectors
An attack vector is a path or means by which a hacker can gain access to a computer or network server in order to deliver a malicious outcome.
Common Attack Vectors: 1. Social Engineering: Phishing, Vishing, Smishing. 2. Exploits: SQLi, XSS, Zero-days. 3. Credentials: Brute force, Credential stuffing. 4. Network: MitM attacks, Rogue Wi-Fi. 5. Supply Chain: Malicious dependencies, CI/CD pipeline compromises.
graph LR
Center["Attack Vectors"]:::main
Rel_atomic_swap["atomic-swap"]:::related -.-> Center
click Rel_atomic_swap "/terms/atomic-swap"
classDef main fill:#7c3aed,stroke:#8b5cf6,stroke-width:2px,color:white,font-weight:bold,rx:5,ry:5;
classDef pre fill:#0f172a,stroke:#3b82f6,color:#94a3b8,rx:5,ry:5;
classDef child fill:#0f172a,stroke:#10b981,color:#94a3b8,rx:5,ry:5;
classDef related fill:#0f172a,stroke:#8b5cf6,stroke-dasharray: 5 5,color:#94a3b8,rx:5,ry:5;
linkStyle default stroke:#4b5563,stroke-width:2px;
🧒 Explain Like I'm 5
If your computer is a house, an attack vector is any way a thief could try to get in. One vector might be an unlocked window (a software bug), another might be tricking you into handing over your front door key ([phishing](/en/terms/phishing)), and another might be a secret tunnel you forgot to seal (an old, unused login).
🤓 Expert Deep Dive
Attack vectors are categorized by their target and mechanism. 'External vectors' originate from outside the network perimeter (e.g., exploiting a public-facing API), while 'Internal vectors' leverage inside access (e.g., a rogue employee or an infected laptop). Modern cybersecurity emphasizes 'Defense-in-Depth' to address vectors across multiple layers: the Human Layer (training), the Perimeter Layer (firewalls), the Network Layer (segmentation), and the Application Layer (code audits). A critical emerging vector is the 'Software Supply Chain', where attackers compromise common libraries or build tools to inject malware into the software before it even reaches the target.