This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:Attack"
| Line 2: | Line 2: | ||
This category is for common types of application security attacks. These are the techniques that attackers use to exploit the vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please try to be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application. | This category is for common types of application security attacks. These are the techniques that attackers use to exploit the vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please try to be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application. | ||
| + | |||
| + | An attack article should include: | ||
| + | * the [[:Category:Threat|Threat]] | ||
| + | * the [[:Category:Vulnerability|Vulnerability]] | ||
| + | * a description of exactly how the attack works | ||
| + | * tools and techniques for performing the attack | ||
{{Template:PutInCategory}} | {{Template:PutInCategory}} | ||
| Line 7: | Line 13: | ||
{{Template:Stub}} | {{Template:Stub}} | ||
| − | + | ==Work to be done here includes== | |
| + | |||
| + | Creating articles for the following topics: | ||
*Brute Force Attacks | *Brute Force Attacks | ||
*Account Lockout | *Account Lockout | ||
| Line 21: | Line 29: | ||
*Traffic Flood | *Traffic Flood | ||
*Automation of Functionality | *Automation of Functionality | ||
| + | *File location guessing (see [[Guessed or visible temporary file]] | ||
| + | * ... make sure the attack is listed for each [[:Category:Vulnerability|vulnerability]] | ||
| + | |||
| + | |||
| + | Note: many of the items marked vulnerabilities from CLASP and other places are really attacks. Some of the more obvious are: | ||
| + | * [[Command injection]] | ||
| + | * [[Log injection]] | ||
| + | * [[Resource exhaustion]] | ||
| + | * [[SQL injection]] | ||
| + | * [[Reflection injection]] | ||
| + | * [[Reflection attack in an auth protocol]] | ||
| + | |||
[[Category:Article Type]] | [[Category:Article Type]] | ||
Revision as of 00:22, 28 May 2006
Application Security Threats
This category is for common types of application security attacks. These are the techniques that attackers use to exploit the vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please try to be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application.
An attack article should include:
- the Threat
- the Vulnerability
- a description of exactly how the attack works
- tools and techniques for performing the attack
How to add a new Attack article
You can follow the instructions to make a new Attack article. Please use the appropriate structure and follow the Tutorial. Be sure to paste the following at the end of your article to make it show up in the Attack category:
[[Category:Attack]]
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
Work to be done here includes
Creating articles for the following topics:
- Brute Force Attacks
- Account Lockout
- Credential/Session Prediction
- Unauthorized Access Attempts
- Session Fixation
- Session Hijacking
- Cross-Site Scripting
- Buffer Overflow Attack
- Format String Attack
- Directory Indexing
- File Path Abuse
- Traffic Flood
- Automation of Functionality
- File location guessing (see Guessed or visible temporary file
- ... make sure the attack is listed for each vulnerability
Note: many of the items marked vulnerabilities from CLASP and other places are really attacks. Some of the more obvious are:
- Command injection
- Log injection
- Resource exhaustion
- SQL injection
- Reflection injection
- Reflection attack in an auth protocol
Subcategories
This category has the following 13 subcategories, out of 13 total.
A
D
E
I
P
R
S
Pages in category "Attack"
The following 73 pages are in this category, out of 73 total.
B
C
- Cache Poisoning
- Cash Overflow
- Code Injection
- Command Injection
- Comment Injection Attack
- Content Security Policy
- Content Spoofing
- Cornucopia - Ecommerce Website Edition - Wiki Deck
- CORS OriginHeaderScrutiny
- CORS RequestPreflighScrutiny
- Credential stuffing
- Cross Frame Scripting
- Cross Site History Manipulation (XSHM)
- Cross Site Tracing
- Cross-Site Request Forgery (CSRF)
- Cross-site Scripting (XSS)
- Cross-User Defacement
- Cryptanalysis
- CSV Injection
- Custom Special Character Injection
