Quiz Entry - updated: 2026.06.20
What is an attack chain and why is "breaking the chain" important?
An attack chain links several weaker bugs into one serious exploit; "breaking the chain" means you only have to fix one link to defeat the whole attack — which is why defense-in-depth pays off.
Attack chains combine multiple vulnerabilities for greater impact:
Example chain: XS-Leaks + CSRF + XSS
- XS-Leaks: Detect if user is logged in
- CSRF: Force authenticated action (if logged in)
- XSS: Execute script in victim's session
Breaking the chain:
- You don't need to fix ALL vulnerabilities
- Fixing ANY link breaks the entire chain
- Defense-in-depth: multiple layers mean attacker must bypass all
Strategy: Prioritize fixes that break the most chains, but implement protections for all vulnerability types.