https://wiki.owasp.org/index.php?action=history&feed=atom&title=OAT-021_Denial_of_Inventory 2026-05-09T11:37:33Z Revision history for this page on the wiki MediaWiki 1.27.2 https://wiki.owasp.org/index.php?title=OAT-021_Denial_of_Inventory&diff=237793&oldid=prev 2018-02-16T15:15:48Z

<p>‎<span dir="auto"><span class="autocomment">Indicative Diagram</span></span></p> <table class="diff diff-contentalign-left" data-mw="interface"> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;' lang='en'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 15:15, 16 February 2018</td> </tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l19" >Line 19:</td> <td colspan="2" class="diff-lineno">Line 19:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>===Indicative Diagram===</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>===Indicative Diagram===</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>&#160;</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">[[File:OAT-021_Denial_of_Inventory.png|500px|link=]]</ins></div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>=== Description ===</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>=== Description ===</div></td></tr> </table>

Clerkendweller https://wiki.owasp.org/index.php?title=OAT-021_Denial_of_Inventory&diff=237718&oldid=prev 2018-02-16T11:45:14Z

<p>New page</p> <p><b>New page</b></p><div>__NOTOC__ <br /> <br /> This is an automated threat. To view all automated threats, please see the [[:Category:Automated Threat|Automated Threat Category]] page. The OWASP Automated Threat Handbook - Wed Applications ([https://www.owasp.org/index.php/File:Automated-threat-handbook.pdf pdf], print), an output of the [[OWASP Automated Threats to Web Applications|OWASP Automated Threats to Web Applications Project]], provides a fuller guide to each threat, detection methods and countermeasures. The [https://www.owasp.org/index.php/File:Oat-ontology-decision-chart.pdf threat identification chart] helps to correctly identify the automated threat.<br /> <br /> == Definition ==<br /> <br /> ===OWASP Automated Threat (OAT) Identity Number ===<br /> <br /> OAT-021<br /> <br /> ===Threat Event Name===<br /> <br /> Denial of Inventory<br /> <br /> === Summary Defining Characteristics===<br /> <br /> Deplete goods or services stock without ever completing the purchase or committing to the transaction.<br /> <br /> ===Indicative Diagram===<br /> <br /> <br /> <br /> === Description ===<br /> <br /> Selection and holding of items from a limited inventory or stock, but which are never actually bought, or paid for, or confirmed, such that other users are unable to buy/ pay/confirm the items themselves. It differs from [[OAT-005 Scalping]] in that the goods or services are never actually acquired by the attacker.<br /> <br /> Denial of Inventory is most commonly thought of as taking ecommerce items out of circulation by adding many of them to a cart/basket; the attacker never actually proceeds to checkout to buy them but contributes to a possible stock-out condition. A variation of this automated threat event is making reservations (e.g. hotel rooms, restaurant tables, holiday bookings, flight seats), and/or click-and-collect without payment. But this exhaustion of inventory availability also occurs in other types of web application such as in the assignment of non-goods like service allocations, product rations, availability slots, queue positions, and budget apportionments.<br /> <br /> If server resources are reduced see [[OAT-015 Denial of Service]] instead. Like [[OAT-005 Scalping]] , Denial of Inventory also reduces the availability of goods or services.<br /> <br /> === Other Names and Examples ===<br /> <br /> Hoarding; Hold all attack; Inventory depletion; Inventory exhaustion; Stock exhaustion<br /> <br /> === See Also ===<br /> <br /> * [[OAT-005 Scalping]]<br /> * [[OAT-013 Sniping]]<br /> * [[OAT-015 Denial of Service]]<br /> <br /> == Cross-References ==<br /> <br /> === CAPEC Category / Attack Pattern IDs ===<br /> <br /> * 210 Abuse of Functionality<br /> <br /> === CWE Base / Class / Variant IDs ===<br /> <br /> * 799 Improper Control of Interaction Frequency<br /> * 841 Improper Enforcement of Behavioral Workflow<br /> <br /> === WASC Threat IDs ===<br /> <br /> * 21 Insufficient Anti-Automation<br /> * 42 Abuse of Functionality<br /> <br /> === OWASP Attack Category / Attack IDs ===<br /> <br /> * [[:Category:Abuse of Functionality|Abuse of Functionality]]<br /> <br /> <br /> <br /> [[Category: Automated Threat]]</div>

Clerkendweller