This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Phishing attack"
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | {{ | + | {{template:CandidateForDeletion}} |
− | |||
− | |||
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | ||
− | + | #REDIRECT [[Phishing]] | |
− | [[ | ||
− | |||
Line 97: | Line 93: | ||
Spoofing | Spoofing | ||
__NOTOC__ | __NOTOC__ | ||
− | |||
− |
Latest revision as of 20:26, 14 April 2009
Template:CandidateForDeletion Last revision (mm/dd/yy): 04/14/2009
#REDIRECT Phishing
Description
An attack is an action taken by a threat agent to exploit a vulnerability. Be sure you don't put [threat agents] or [vulnerabilities] in this category.
- Start with a one-sentence description of the attack
- How is the attack is launched?
- Who are the likely threat agents?
- What vulnerability does this attack target?
Risk Factors
- Talk about the factors that make this attack likely or unlikely to actually happen
- You can mention the likely technical impact of an attack
- The [business impact] of an attack is probably conjecture, leave it out unless you're sure
Examples
Short example name
- A short example description, small picture, or sample code with links
Short example name
- A short example description, small picture, or sample code with links
Related Threat Agents
Related Attacks
Related Vulnerabilities
Note: the contents of "Related Problems" sections should be placed here
Related Controls
Note: contents of "Avoidance and Mitigation" and "Countermeasure" Sections should be placed here
References
Note1: A reference to related CWE or CAPEC article should be added when exists. Eg:
Note2:One should classify Attacks subcategories by adding eg. [Category:Data Structure Attacks]] based on the following:
Abuse of Functionality
Data Structure Attacks
Embedded Malicious Code
Exploitation of Authentication
Injection
Path Traversal Attack
Probabilistic Techniques
Protocol Manipulation
Resource Depletion
Resource Manipulation
Sniffing Attacks
Spoofing