Category:Automated Threat - Revision history

Clerkendweller: Added categories

2018-02-16T11:57:28Z

Added categories

Clerkendweller: Added link to handbook, identification chart and project

2018-02-16T09:47:44Z

Added link to handbook, identification chart and project

Clerkendweller: New page

2018-02-15T19:13:55Z

New page

New page

This category is for tagging common types of application automated threats.

==What is an automated threat?==

Threat events (an instance of something causing harm) to applications undertaken using automated actions. The focus is on abuse of functionality - misuse of inherent functionality and related design flaws, some of which are also referred to as business logic flaws. There is almost no focus on implementation bugs.

In the specific case of web applications, threat events to web applications undertaken using automated actions. And for this web application case, attacks that can be achieved without the web are not in scope.

[[Category:Article Type]]

← Older revision		Revision as of 11:57, 16 February 2018
Line 16:		Line 16:

	[[Category:Article Type]]		[[Category:Article Type]]
		+	[[Category:Attack]]
		+	[[Category:Abuse of Functionality]]

← Older revision		Revision as of 09:47, 16 February 2018
Line 6:		Line 6:

	In the specific case of web applications, threat events to web applications undertaken using automated actions. And for this web application case, attacks that can be achieved without the web are not in scope.		In the specific case of web applications, threat events to web applications undertaken using automated actions. And for this web application case, attacks that can be achieved without the web are not in scope.
		+
		+	==What web application automated threats exist?==
		+
		+	The OWASP Automated Threat Handbook - Wed Applications ([https://www.owasp.org/index.php/File:Automated-threat-handbook.pdf pdf], print), is the definitive guide to threats, detection and countermeasures in this area. It is an output of the [[OWASP Automated Threats to Web Applications\|OWASP Automated Threats to Web Applications Project]].
		+
		+	==How can I differentiate between automated threats to web applications?==
		+
		+	The handbook provides defining characteristics, properties and a description, as well as alternative names and threats each can be confused with. The project has also created a [https://www.owasp.org/index.php/File:Oat-ontology-decision-chart.pdf threat identification chart] to help correctly identify the automated threat.

	[[Category:Article Type]]		[[Category:Article Type]]