This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Category:Attack"

From OWASP
Jump to: navigation, search
 
(28 intermediate revisions by 12 users not shown)
Line 1: Line 1:
{{Template:Stub}}
+
This category is for tagging common types of application security attacks.
  
This category is for common types of application security attacks. These are the techniques that attackers use to exploit the vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please try to be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application.
+
==What is an attack?==
  
[[How To add an attack]]
+
Attacks are the techniques that attackers use to exploit the vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please try to be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application.
  
Some items to add
+
All attack articles should follow the [[Attack template]].
**Brute Force Attacks
+
 
**Account Lockout
+
==Examples:==
**Credential/Session Prediction
+
 
**Unauthorized Access Attempts
+
*Brute Force: Is an exhaustive attack that works by testing every possible value of a parameter (password, file name, etc.) [[:Brute_force_attack|Brute_force_attack]]
**Session Fixation
+
*Cache Poisoning: Is an attack that seeks to introduce false or malicious data into a web cache, normally via HTTP Response Splitting.  [[:Cache_Poisoning|Cache_Poisoning]]
**Session Hijacking
+
*DNS Poisoning: Is an attack that seeks to introduce false DNS address information into the cache of a DNS server, where it will be served to other users enabling a variety of attacks. (e.g., Phishing)
**Cross-Site Scripting
+
 
**Buffer Overflow Attack
+
Note: many of the items marked vulnerabilities and other places are really attacks. Some of the more obvious are:
**Format String Attack
+
* [[Resource exhaustion]]
**Command Injection
+
* [[Reflection injection]]
**Directory Indexing
+
* [[Reflection attack in an auth protocol]]
**File Path Abuse
 
**Traffic Flood
 
**Automation of Functionality
 
  
 
[[Category:Article Type]]
 
[[Category:Article Type]]

Latest revision as of 19:30, 6 June 2016

This category is for tagging common types of application security attacks.

What is an attack?

Attacks are the techniques that attackers use to exploit the vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please try to be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application.

All attack articles should follow the Attack template.

Examples:

  • Brute Force: Is an exhaustive attack that works by testing every possible value of a parameter (password, file name, etc.) Brute_force_attack
  • Cache Poisoning: Is an attack that seeks to introduce false or malicious data into a web cache, normally via HTTP Response Splitting. Cache_Poisoning
  • DNS Poisoning: Is an attack that seeks to introduce false DNS address information into the cache of a DNS server, where it will be served to other users enabling a variety of attacks. (e.g., Phishing)

Note: many of the items marked vulnerabilities and other places are really attacks. Some of the more obvious are:

Subcategories

This category has the following 13 subcategories, out of 13 total.

A

D

I

P

R

S

Pages in category "Attack"

The following 73 pages are in this category, out of 73 total.