Shows various layers and the corresponding elements/mechanisms/services that make web applications vulnerable.

A vulnerability stack models the web application as layers, mapping each layer to the specific elements, mechanisms, and services that can introduce weaknesses. This approach shows how risks live at the client, server, application logic, data, network, and integrations, and how they stack up to create the overall attack surface. By organizing vulnerabilities across layers, you can see how a weakness in one area (like insecure APIs or misconfigured servers) combines with others to increase risk, guiding where defenses should be applied. The other options are not a multi-layer view: injection flaws describe a single category of vulnerability, while SOAP and RESTful refer to web service protocols/architectures, not a framework for modeling vulnerabilities across a stack.