Frameworks & standards
Attack Chain
Also: Kill chain · Attack path
An attack chain (or attack path) is the sequence of individual steps an attacker links together to progress from an initial foothold to a high-impact objective. Real breaches almost always involve a chain - an information leak enabling an IDOR that enables account takeover - which is why chaining, not isolated findings, is the mark of realistic offensive testing.
Key points
- Impact usually comes from chaining, not a single bug.
- Low-severity findings can combine into critical paths.
- Chaining is a core capability of autonomous testing.
Related
Impactr is an autonomous AI penetration testing platform - it investigates, chains, and proves web and API vulnerabilities with reproducible evidence.
Join the waitlist