Difference between revisions of "Phishing attack"

Revision as of 11:31, 16 September 2008

This is an Attack. To view all attacks, please see the Attack Category page.

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.

Last revision (mm/dd/yy): 09/16/2008

Description

An attack is an action taken by a threat agent to exploit a vulnerability. Be sure you don't put [threat agents] or [vulnerabilities] in this category.

1. Start with a one-sentence description of the attack
2. How is the attack is launched?
3. Who are the likely threat agents?
4. What vulnerability does this attack target?

Risk Factors

• Talk about the factors that make this attack likely or unlikely to actually happen
• You can mention the likely technical impact of an attack
• The [business impact] of an attack is probably conjecture, leave it out unless you're sure

Examples

Short example name

A short example description, small picture, or sample code with links

Short example name

A short example description, small picture, or sample code with links

Related Threat Agents

• Threat Agent 1
• Threat Agent 2

Related Attacks

• Attack 1
• Attack 2

Related Vulnerabilities

• Vulnerability 1
• Vulnerabiltiy 2

Note: the contents of "Related Problems" sections should be placed here

Related Controls

• Control 1
• Control 2

Note: contents of "Avoidance and Mitigation" and "Countermeasure" Sections should be placed here

References

Note1: A reference to related CWE or CAPEC article should be added when exists. Eg:

• CWE 79.
• http://www.link1.com
• Title for the link2

Note2:One should classify Attacks subcategories by adding eg. [Category:Data Structure Attacks]] based on the following:

Abuse of Functionality

Data Structure Attacks

Embedded Malicious Code

Exploitation of Authentication

Injection

Path Traversal Attack

Probabilistic Techniques

Protocol Manipulation

Resource Depletion

Resource Manipulation

Sniffing Attacks

Spoofing