[Don't know what this is]
[Never]
Rarely (1 -2 times/yr)
Quarterly
Every month
Every week
Every day
More than once/day
Continuously
Credential Cracking (Identify valid log in credentials by trying different values for usernames and/or passwords)
CAPTCHA Cracking (Solve anti-automation tests)
Fake Account Creation (Create accounts for subsequent misuse)
Credential Stuffing (Mass log in attempts used to verify the validity of stolen username/password pairs)
Account Aggregation (Use by an intermediary application to collect together and interact with accounts related to many other applications)
Payment Card Fraud (Buy goods or obtain cash from stolen payment cards)
Card Verification (Small purchases used to verify the validity of bulk stolen payment card data)
Card Cracking (Identify missing payment card details by trying different values for expiry date and security code)
Data Harvesting (Read application content and data, copying it elsewhere)
Content Aggregation (Use of an intermediary application to collect together and consume content from many application sources, republishing it as content on the web)
Cheating (Violate explicit or implicit assumption(s) about the application's use to achieve unfair individual gain, often associated with deceit and loss to some other party)
Click Fraud (False click throughs)
Impression Fraud (False content impressions)
Man-in-the-Browser (Compromise of web browser)
Code Alteration (Modify application source code, or executing code, or configuration)
Content Spam (Information addition that appears in content, or alters metrics or statistical data)
Application Consumption (Misuse of the application to perform calculations, or process data, or perform other actions against other applications, hosts, or in the physical world)
Fingerprinting (Requests used to illicit information about the supporting web, application and database server and framework types and versions)
Footprinting (Probing and exploration to identify constituents and properties of the application)
Vulnerability Scanning (Application crawling and fuzzing in an attempt to identify weaknesses and possible vulnerabilities)
Reverse Engineering (Exercise an application, or part of an application, with the intent to gain insight how it is constructed and operates)
HTTP Flood DoS (High rate or number of HTTP requests)
HTTP Slow DoS (Partial HTTP request headers sent, or fragmented request bodies sent, or slow response read)
Web Application (layer 7) DoS (Denial of service achieved by targeting resources of the application and database servers)
User DoS (Individual users locked out or unable to register/use the application)