Attack Tree for a Website
An attack tree is a systematic method for characterizing the security of a computer system in terms of the cyber-attacks it can suffer. The attacker's goal, compromising the security of the system, is placed at the root of the tree. Below the root, nodes on successive depth levels refine that goal iteratively and incrementally into the concrete means by which an attacker can achieve it; the leaves are the individual actions an attacker can take. Sub-goals are combined with AND (all children must be achieved) or OR (any one child suffices). Each attack tree therefore catalogues the methods by which a cyber-attacker can cause an incident, and each path through the tree represents a distinct attack on the system.
When developing the attack tree for a website, the root of the tree must represent the compromise of the website's security.
The following is a high-level attack tree for a website. The seven children of the root are joined by AND (the attacker must complete all of them), while the sub-nodes beneath each are joined by OR (any one alternative suffices):
ROOT  Compromise the security of a website
  AND 1. Identifying vulnerabilities
        OR 1. Scanning the vulnerabilities of the website
           2. Analyzing the website activity and identifying the website users
           3. Developing social engineering attacks on users with access rights
      2. Developing software tools for exploiting vulnerabilities
        OR 1. Developing the tools required for the cyber-attack
           2. Configuring existing attack tools
      3. Simulating cyber-attacks against the website
        OR 1. SQLi (SQL Injection) attack
           2. Brute Force attack
           3. XSS (Cross-Site Scripting) attack
           4. CSRF (Cross-Site Request Forgery) attack
           5. DoS (Denial of Service) attack
      4. Exploitation of the vulnerabilities identified
      5. Injecting scripts on the website
        OR 1. Injecting malicious scripts
           2. Injecting malware
      6. Controlling the website
        OR 1. Accessing the website administration panel
           2. Accessing the website database
      7. Causing damage to the website
        OR 1. Retrieving data from the website database
           2. Modifying the website files
           3. Using the website for other cyber-attacks
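To make the AND/OR semantics concrete, the following Python encodes the tree above as nodes and enumerates the distinct attack scenarios it describes (the cross product of the OR alternatives under each AND step), then finds the least-effort scenario. This is an added example written for this page, not code from the original text; the per-leaf cost values are constructed illustration numbers and carry no meaning beyond the example.

```python
from dataclasses import dataclass, field
from itertools import product


@dataclass
class Node:
    """A node of an attack tree: a LEAF action, or an AND/OR refinement."""
    name: str
    kind: str = "LEAF"          # "LEAF", "AND" or "OR"
    children: list = field(default_factory=list)
    cost: int = 0               # assumed attacker effort; only used on leaves


def leaf(name, cost):
    return Node(name, "LEAF", [], cost)


def AND(name, *children):
    return Node(name, "AND", list(children))


def OR(name, *children):
    return Node(name, "OR", list(children))


# The tree from the text. Leaf costs are constructed illustration values
# (1 = trivial, 6 = substantial effort); they are not from the original page.
WEBSITE_TREE = AND(
    "Compromise the security of a website",
    OR("Identifying vulnerabilities",
       leaf("Scanning the vulnerabilities of the website", 2),
       leaf("Analyzing the website activity and identifying the website users", 4),
       leaf("Developing social engineering attacks on users with access rights", 5)),
    OR("Developing software tools for exploiting vulnerabilities",
       leaf("Developing the tools required for the cyber-attack", 6),
       leaf("Configuring existing attack tools", 1)),
    OR("Simulating cyber-attacks against the website",
       leaf("SQLi (SQL Injection) attack", 3),
       leaf("Brute Force attack", 2),
       leaf("XSS (Cross-Site Scripting) attack", 3),
       leaf("CSRF (Cross-Site Request Forgery) attack", 3),
       leaf("DoS (Denial of Service) attack", 1)),
    leaf("Exploitation of the vulnerabilities identified", 4),
    OR("Injecting scripts on the website",
       leaf("Injecting malicious scripts", 2),
       leaf("Injecting malware", 3)),
    OR("Controlling the website",
       leaf("Accessing the website administration panel", 3),
       leaf("Accessing the website database", 4)),
    OR("Causing damage to the website",
       leaf("Retrieving data from the website database", 1),
       leaf("Modifying the website files", 2),
       leaf("Using the website for other cyber-attacks", 2)),
)


def scenarios(node):
    """Every distinct way of reaching `node`, as tuples of leaf names.

    OR: any one child suffices, so the scenarios are the union of the children's.
    AND: every child is needed, so they are the cross product of the children's.
    """
    if node.kind == "LEAF":
        return [(node.name,)]
    if node.kind == "OR":
        return [s for child in node.children for s in scenarios(child)]
    if node.kind == "AND":
        combos = [()]
        for child in node.children:
            combos = [done + more for done, more in product(combos, scenarios(child))]
        return combos
    raise ValueError(f"unknown node kind {node.kind!r}")


def cheapest(node):
    """(total cost, leaf names) of the least-effort scenario for `node`.

    OR picks the cheapest child; AND must pay for all of its children.
    """
    if node.kind == "LEAF":
        return node.cost, (node.name,)
    if node.kind == "OR":
        return min((cheapest(c) for c in node.children), key=lambda r: r[0])
    total, names = 0, ()
    for child in node.children:
        cost, leaves = cheapest(child)
        total += cost
        names += leaves
    return total, names


if __name__ == "__main__":
    all_paths = scenarios(WEBSITE_TREE)
    print(f"{len(all_paths)} distinct attack scenarios")   # 3*2*5*1*2*2*3 = 360
    cost, steps = cheapest(WEBSITE_TREE)
    print(f"least-effort scenario, cost {cost}:")
    for step in steps:
        print("  -", step)
```

With the tree as written, the seven AND steps with 3, 2, 5, 1, 2, 2 and 3 alternatives give 360 distinct attack scenarios, which is the practical reason defenders prune such trees by cost or likelihood rather than reading every path: a control that raises the cost of the cheapest leaf under an OR node only helps until the next alternative becomes the cheapest, whereas a control on an AND step (here, "Exploitation of the vulnerabilities identified", which has no alternative) raises the cost of every scenario.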