OSI Layer Cyber Attacks

OSI Layer	Examples of Cyber Attacks	Security Controls
Application	SQL injection (SQLi), Cross-Site Scripting (XSS), Remote Code Inclusion	regular patching, fixing vulnerabilities, input validation, execution controls, application firewalls (WAF etc.)
Presentation	Input Data Manipulation, Code Injection, Insecure Deserialization	validating user inputs, using secure data serialization libraries, using digital signatures for integrity checks
Session	Exploitation of Trusted Identifiers, Session Hijacking & Sidejacking or Session Replay	randomizing session IDs, enforcing secure logout mechanisms, using secure tokens for user authentication
Transport	Flooding, TCP & UDP Fragmentation	Monitor & control firewall traffic at the transport layer, mitigate SYN flood attacks, implement secure data exchange
Network	ICMP Flood, Ping of Death (PoD), IP Spoofing	Firewall filtering, use IDS and IPS, use source address verification (Reverse Path Filtering)
Data Link	MAC Address Spoofing, ARP Spoofing, VLAN Hopping	Encrypting network traffic, using ACLs to allow only specific MAC addresses, Dynamic ARP Inspection (DAI), enabling VLAN Trunk Protocol (VTP)
Physical	Physical Tampering, Eavesdropping, MITM at Physical Level (e.g. tapping into network cables), Disrupting Power Supply	physical access controls, secure cabeling, CCTV surveillance, regular inspections and monitoring

Of course, this is not a complete list. The examples listed above are intended to show what types of data can be manipulated by attacks on the various OSI layers and how these can open up attack vectors.

Design based on Dracula UI