IDORSSRFAUTH BYPASSJWT FORGERYRACE CONDITIONXXEBROKEN OBJECT-LEVEL AUTHPRIVILEGE ESCALATIONMASS ASSIGNMENTGRAPHQL INTROSPECTION ABUSEIDORSSRFAUTH BYPASSJWT FORGERYRACE CONDITIONXXEBROKEN OBJECT-LEVEL AUTHPRIVILEGE ESCALATIONMASS ASSIGNMENTGRAPHQL INTROSPECTION ABUSE
Impactr Logoimpactr
FeaturesHow it worksEvidencePricingLearnCompare
  1. Home
  2. Glossary
  3. Attack Chain

Frameworks & standards

Attack Chain

Also: Kill chain · Attack path

An attack chain (or attack path) is the sequence of individual steps an attacker links together to progress from an initial foothold to a high-impact objective. Real breaches almost always involve a chain - an information leak enabling an IDOR that enables account takeover - which is why chaining, not isolated findings, is the mark of realistic offensive testing.

Key points

  • Impact usually comes from chaining, not a single bug.
  • Low-severity findings can combine into critical paths.
  • Chaining is a core capability of autonomous testing.

Related

Autonomous Penetration TestingAttack SurfaceMITRE ATT&CKInsecure Direct Object Reference (IDOR)Server-Side Request Forgery (SSRF)Broken Access Control

Impactr is an autonomous AI penetration testing platform - it investigates, chains, and proves web and API vulnerabilities with reproducible evidence.

Join the waitlist
← All terms
Impactr Logoimpactr

Built by hackers, for the code you ship. Autonomous AI penetration testing for modern web apps and APIs.

© 2026 Impactr

Product

FeaturesCoverageUse casesEvidencePricingWaitlist

Resources

VulnerabilitiesGuidesComparisonsGlossaryCWE databaseBy industryBy languageHTTP status codesSecurity headers

Company

ContactTwitterLinkedInGitHub