A security attack vector that threatens the performance of a website and hampers its security to steal user credentials, set up a phishing site or acquire private data by targeting web applications.

Web application threats target the software and interfaces that run websites. Attackers in this space exploit flaws in the web app or its configuration to disrupt performance, bypass security controls, and harvest user data, including credentials, or to host phishing pages that deceive users. The scenario described fits this category because it involves weakening a site's security and performance to steal credentials or create a phishing site by abusing the web application itself. Cloud computing threats refer to risks specific to cloud environments and services, not the web app layer. Authenticity and non-repudiation are security properties, not attack vectors.