This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Category:Automated Threat

Jump to: navigation, search

This category is for tagging common types of application automated threats.

What is an automated threat?

Threat events (an instance of something causing harm) to applications undertaken using automated actions. The focus is on abuse of functionality - misuse of inherent functionality and related design flaws, some of which are also referred to as business logic flaws. There is almost no focus on implementation bugs.

In the specific case of web applications, threat events to web applications undertaken using automated actions. And for this web application case, attacks that can be achieved without the web are not in scope.

What web application automated threats exist?

The OWASP Automated Threat Handbook - Wed Applications (pdf, print), is the definitive guide to threats, detection and countermeasures in this area. It is an output of the OWASP Automated Threats to Web Applications Project.

How can I differentiate between automated threats to web applications?

The handbook provides defining characteristics, properties and a description, as well as alternative names and threats each can be confused with. The project has also created a threat identification chart to help correctly identify the automated threat.