Here is the list of Type of attack on webs base application...
[~]Sql Injection Attack
[~]Hibernate Query Language Injection
[~]Direct OS Code Injection
[~]XML Entity Injection
[~]Broken Authentication and Session Management
[~]Cross-Site Scripting (XSS)
[~]Insecure Direct Object References
[~]Security Misconfiguration
[~]Sensitive Data Exposure
[~]Missing Function Level Access Control
[~]Cross-Site Request Forgery (CSRF)
[~]Using Components with Known Vulnerabilities
[~]Unvalidated Redirects and Forwards
[~]Cross Site Scripting Attacks
[~]ClickjackingAttacks
[~]DNS Cache Poisoning
[~]Symlinking – An Insider Attack
[~]Cross Site Request Forgery Attacks
[~]Remote Code Execution Attacks
[~]Remote File inclusion
[~]Local file inclusion
[~]Evercookie
[~]Denial of Service Attack
[~]Cookie Eviction
[~]phpwn
[~]NAT Pinning
[~]XSHM
[~]MitM DNS Rebinding SSL/TLS Wildcards and XSS
[~]Quick Proxy Detection
[~]Improving HTTPS Side Channel Attacks
[~]Side Channel Attacks in SSL
[~]Turning XSS into Clickjacking
[~]Bypassing CSRF protections with ClickJacking and
[~]HTTP Parameter Pollution
[~]URL Hijacking
[~]Strokejacking
[~]Fooling B64_Encode(Payload) on WAFs and filters
[~]MySQL Stacked Queries with SQL Injection.
[~]Posting raw XML cross-domain
[~]Generic cross-browser cross-domain theft
[~]Attacking HTTPS with Cache Injection
[~]Tapjacking
[~]XSS-Track
[~]Next Generation Clickjacking
[~]XSSing client-side dynamic HTML.
[~]Stroke triggered XSS and StrokeJacking
[~]Lost in Translation
[~]Persistent Cross Interface Attacks
[~]Chronofeit Phishing
[~]SQLi filter evasion cheat sheet (MySQL)
[~]Tabnabbing
[~]UI Redressing
[~]Cookie Poisoning
[~]SSRF
[~]Bruteforce of PHPSESSID
[~]Blended Threats and JavaScript
[~]Cross-Site Port Attacks
[~]CAPTCHA Re-Riding Attack
Source: Blogs & FB Pages
Note: Add more if I miss anyone 😊
