This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OAT-013 Sniping"
(→Indicative Diagram) |
m (Spelling fix.) (Tag: Visual edit) |
||
| Line 25: | Line 25: | ||
The defining characteristic of Sniping is an action undertaken at the latest opportunity to achieve a particular objective, leaving insufficient time for another user to bid/offer. Sniping can also be the automated exploitation of system latencies in the form of timing attacks. Careful timing and prompt action are necessary parts. It is most well known as auction sniping, but the same threat event can be used in other types of applications. Sniping normally leads to some disbenefit for other users, and sometimes that might be considered a form of denial of service. | The defining characteristic of Sniping is an action undertaken at the latest opportunity to achieve a particular objective, leaving insufficient time for another user to bid/offer. Sniping can also be the automated exploitation of system latencies in the form of timing attacks. Careful timing and prompt action are necessary parts. It is most well known as auction sniping, but the same threat event can be used in other types of applications. Sniping normally leads to some disbenefit for other users, and sometimes that might be considered a form of denial of service. | ||
| − | In contrast, [[OAT-005 Scalping]] is the acquisition of limited availability of sought- | + | In contrast, [[OAT-005 Scalping]] is the acquisition of limited availability of sought-after goods or services, and [[OAT-006 Expediting]] is the general hastening of progress. |
=== Other Names and Examples === | === Other Names and Examples === | ||
| Line 56: | Line 56: | ||
* [[:Category:Abuse of Functionality|Abuse of Functionality]] | * [[:Category:Abuse of Functionality|Abuse of Functionality]] | ||
| − | |||
| − | |||
[[Category: Automated Threat]] | [[Category: Automated Threat]] | ||
Latest revision as of 08:21, 5 June 2019
This is an automated threat. To view all automated threats, please see the Automated Threat Category page. The OWASP Automated Threat Handbook - Wed Applications (pdf, print), an output of the OWASP Automated Threats to Web Applications Project, provides a fuller guide to each threat, detection methods and countermeasures. The threat identification chart helps to correctly identify the automated threat.
Definition
OWASP Automated Threat (OAT) Identity Number
OAT-013
Threat Event Name
Sniping
Summary Defining Characteristics
Last minute bid or offer for goods or services.
Indicative Diagram
Description
The defining characteristic of Sniping is an action undertaken at the latest opportunity to achieve a particular objective, leaving insufficient time for another user to bid/offer. Sniping can also be the automated exploitation of system latencies in the form of timing attacks. Careful timing and prompt action are necessary parts. It is most well known as auction sniping, but the same threat event can be used in other types of applications. Sniping normally leads to some disbenefit for other users, and sometimes that might be considered a form of denial of service.
In contrast, OAT-005 Scalping is the acquisition of limited availability of sought-after goods or services, and OAT-006 Expediting is the general hastening of progress.
Other Names and Examples
Auction sniping; Bid sniper; Front- running; Last look; Last minute bet; Timing attack
See Also
Cross-References
CAPEC Category / Attack Pattern IDs
- 210 Abuse of Functionality
CWE Base / Class / Variant IDs
- -
WASC Threat IDs
- 21 Insu icient Anti-Automation
- 42 Abuse of Functionality
