OAT-013 Sniping

2019-06-05T08:21:15Z

Ohjelm: Spelling fix.

__NOTOC__

This is an automated threat. To view all automated threats, please see the [[:Category:Automated Threat|Automated Threat Category]] page. The OWASP Automated Threat Handbook - Wed Applications ([https://www.owasp.org/index.php/File:Automated-threat-handbook.pdf pdf], print), an output of the [[OWASP Automated Threats to Web Applications|OWASP Automated Threats to Web Applications Project]], provides a fuller guide to each threat, detection methods and countermeasures. The [https://www.owasp.org/index.php/File:Oat-ontology-decision-chart.pdf threat identification chart] helps to correctly identify the automated threat.

== Definition ==

===OWASP Automated Threat (OAT) Identity Number ===

OAT-013

===Threat Event Name===

Sniping

=== Summary Defining Characteristics===

Last minute bid or offer for goods or services.

===Indicative Diagram===

[[File:OAT-013_Sniping.png|500px|link=]]

=== Description ===

The defining characteristic of Sniping is an action undertaken at the latest opportunity to achieve a particular objective, leaving insufficient time for another user to bid/offer. Sniping can also be the automated exploitation of system latencies in the form of timing attacks. Careful timing and prompt action are necessary parts. It is most well known as auction sniping, but the same threat event can be used in other types of applications. Sniping normally leads to some disbenefit for other users, and sometimes that might be considered a form of denial of service.

In contrast, [[OAT-005 Scalping]] is the acquisition of limited availability of sought-after goods or services, and [[OAT-006 Expediting]] is the general hastening of progress.

=== Other Names and Examples ===

Auction sniping; Bid sniper; Front- running; Last look; Last minute bet; Timing attack

=== See Also ===

* [[OAT-005 Scalping]]
* [[OAT-006 Expediting]]
* [[OAT-015 Denial of Service]]
* [[OAT-021 Denial of Inventory]]

== Cross-References ==

=== CAPEC Category / Attack Pattern IDs ===

* 210 Abuse of Functionality

=== CWE Base / Class / Variant IDs ===

* -

=== WASC Threat IDs ===

* 21 Insu icient Anti-Automation
* 42 Abuse of Functionality

=== OWASP Attack Category / Attack IDs ===

* [[:Category:Abuse of Functionality|Abuse of Functionality]]

[[Category: Automated Threat]]

South Sweden

2019-02-26T21:28:20Z

Ohjelm: Update with February event info

{{Chapter Template|chaptername=South Sweden|extra=The chapter leaders are [mailto:erik.wilhelmsson@owasp.org Erik Wilhelmsson], [mailto:oscar.hjelm@owasp.org Oscar Hjelm] and [mailto:olle.svenhag@owasp.org Olle Svenhag].
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-southsweden|emailarchives=http://lists.owasp.org/pipermail/owasp-southsweden}}

== OWASP South Sweden 2019 ==

=== 2019-02-25 Chapter Meeting - Security Night ===
This night web security, how to prioritise vulnerabilities, and secure development will be in focus.

Cyber security meetup in Karlskrona, Campus Gräsvik. This time we're welcoming Martin, Oskar, and Mikael as they present their takes on web security, how to prioritise vulnerabilities, and secure development.

Program:

18.00-18.30 Welcome OWASP

18.30-19.00 Oskar, Prioritizing Vulnerabilities, what can wait till later?

19.00-19.30 Mikael, Web hacking 101

19.30-20.00 Martin, A helicopter view of secure development

Event is held on 25 February 18:00-20:00 at BTH J1270. The event is free of charge and open for everyone. Coffee will be provided for.

The event is free - please sign up on the event page: https://www.eventbrite.com/e/owasp-south-sweden-chapter-meeting-tickets-56127266164
[[Category:OWASP Chapter]]
[[Category:Europe]]

OWASP - User contributions [en]

OAT-013 Sniping

South Sweden