This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:Automated Threat"
(New page) |
(Added link to handbook, identification chart and project) |
||
| Line 6: | Line 6: | ||
In the specific case of web applications, threat events to web applications undertaken using automated actions. And for this web application case, attacks that can be achieved without the web are not in scope. | In the specific case of web applications, threat events to web applications undertaken using automated actions. And for this web application case, attacks that can be achieved without the web are not in scope. | ||
| + | |||
| + | ==What web application automated threats exist?== | ||
| + | |||
| + | The OWASP Automated Threat Handbook - Wed Applications ([https://www.owasp.org/index.php/File:Automated-threat-handbook.pdf pdf], print), is the definitive guide to threats, detection and countermeasures in this area. It is an output of the [[OWASP Automated Threats to Web Applications|OWASP Automated Threats to Web Applications Project]]. | ||
| + | |||
| + | ==How can I differentiate between automated threats to web applications?== | ||
| + | |||
| + | The handbook provides defining characteristics, properties and a description, as well as alternative names and threats each can be confused with. The project has also created a [https://www.owasp.org/index.php/File:Oat-ontology-decision-chart.pdf threat identification chart] to help correctly identify the automated threat. | ||
[[Category:Article Type]] | [[Category:Article Type]] | ||
Revision as of 09:47, 16 February 2018
This category is for tagging common types of application automated threats.
What is an automated threat?
Threat events (an instance of something causing harm) to applications undertaken using automated actions. The focus is on abuse of functionality - misuse of inherent functionality and related design flaws, some of which are also referred to as business logic flaws. There is almost no focus on implementation bugs.
In the specific case of web applications, threat events to web applications undertaken using automated actions. And for this web application case, attacks that can be achieved without the web are not in scope.
What web application automated threats exist?
The OWASP Automated Threat Handbook - Wed Applications (pdf, print), is the definitive guide to threats, detection and countermeasures in this area. It is an output of the OWASP Automated Threats to Web Applications Project.
How can I differentiate between automated threats to web applications?
The handbook provides defining characteristics, properties and a description, as well as alternative names and threats each can be confused with. The project has also created a threat identification chart to help correctly identify the automated threat.
Pages in category "Automated Threat"
The following 21 pages are in this category, out of 21 total.
O
- OAT-001 Carding
- OAT-002 Token Cracking
- OAT-003 Ad Fraud
- OAT-004 Fingerprinting
- OAT-005 Scalping
- OAT-006 Expediting
- OAT-007 Credential Cracking
- OAT-008 Credential Stuffing
- OAT-009 CAPTCHA Defeat
- OAT-010 Card Cracking
- OAT-011 Scraping
- OAT-012 Cashing Out
- OAT-013 Sniping
- OAT-014 Vulnerability Scanning
- OAT-015 Denial of Service
- OAT-016 Skewing
- OAT-017 Spamming
- OAT-018 Footprinting
- OAT-019 Account Creation
- OAT-020 Account Aggregation
- OAT-021 Denial of Inventory
