Difference between revisions of "Category:Attack"

Latest revision as of 19:30, 6 June 2016

This category is for tagging common types of application security attacks.

What is an attack?

Attacks are the techniques that attackers use to exploit the vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please try to be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application.

All attack articles should follow the Attack template.

Examples:

Brute Force: Is an exhaustive attack that works by testing every possible value of a parameter (password, file name, etc.) Brute_force_attack
Cache Poisoning: Is an attack that seeks to introduce false or malicious data into a web cache, normally via HTTP Response Splitting. Cache_Poisoning
DNS Poisoning: Is an attack that seeks to introduce false DNS address information into the cache of a DNS server, where it will be served to other users enabling a variety of attacks. (e.g., Phishing)

Note: many of the items marked vulnerabilities and other places are really attacks. Some of the more obvious are:

Subcategories

This category has the following 13 subcategories, out of 13 total.

I

► Injection‎ (30 P)

P

R

► Resource Depletion‎ (2 P)
► Resource Manipulation‎ (10 P)

S

► Sniffing Attacks‎ (empty)
► Spoofing‎ (5 P)

Pages in category "Attack"

The following 73 pages are in this category, out of 73 total.

B

D

E

Execution After Redirect (EAR)

F

G

Guía para evitar infecciones de RANSOMWARE

H

HTTP Response Splitting

I

L

Log Injection

M

O

P

Q

Qrljacking

R

S

T

U

Unicode Encoding

W

X

@@ Line 5: / Line 5: @@
 Attacks are the techniques that attackers use to exploit the vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please try to be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application.
-==Examples of attacks==
+All attack articles should follow the [[Attack template]].
-*Brute Force Attacks
-*SQL Injection Attacks
-*Cross-Site Scripting
-*Credential/Session Prediction
-*Session Hijacking
-*Buffer Overflow Attack
-*Unauthorized Access Attempts
-*Path traversal
-*Forced Browsing
-*Traffic Flood
-{{Template:PutInCategory}}
+==Examples:==
-An attack article should include:
+*Brute Force: Is an exhaustive attack that works by testing every possible value of a parameter (password, file name, etc.) [[:Brute_force_attack|Brute_force_attack]]
-* a description of exactly how the attack works
+*Cache Poisoning: Is an attack that seeks to introduce false or malicious data into a web cache, normally via HTTP Response Splitting.  [[:Cache_Poisoning|Cache_Poisoning]]
-* tools and techniques for performing the attack
+*DNS Poisoning: Is an attack that seeks to introduce false DNS address information into the cache of a DNS server, where it will be served to other users enabling a variety of attacks. (e.g., Phishing)
-* links to related threats, vulnerabilities, and countermeasures
-{{Template:Stub}}
+Note: many of the items marked vulnerabilities and other places are really attacks. Some of the more obvious are:
-==Work to be done here includes==
-Creating articles for the following topics:
-*Credential/Session Prediction
-*Unauthorized Access Attempts
-*Session Fixation
-*Session Hijacking
-*Cross-Site Scripting
-*Buffer Overflow Attack
-*Format String Attack
-*Directory Indexing
-*File Path Abuse
-*Traffic Flood
-*Automation of Functionality
-*File location guessing (see [[Guessed or visible temporary file]]
-* ... make sure the attack is listed for each [[:Category:Vulnerability|vulnerability]]
-Note: many of the items marked vulnerabilities from CLASP and other places are really attacks. Some of the more obvious are:
-* [[Command injection]]
-* [[Log injection]]
 * [[Resource exhaustion]]
-* [[SQL injection]]
 * [[Reflection injection]]
 * [[Reflection attack in an auth protocol]]
 [[Category:Article Type]]