This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP AppSensor Project/Preventing Automated Attacks"
From OWASP
(Created page with "=Introduction= Preventing Automated Attacks - This project will be a study of current techniques to thwart automated attacks against application. Within this project we will i...") |
(→Technical Notes & Preliminary Research) |
||
| Line 10: | Line 10: | ||
= Technical Notes & Preliminary Research = | = Technical Notes & Preliminary Research = | ||
| − | == Techniques == | + | == Techniques & Resources to evaluate == |
* Hashcash - http://en.wikipedia.org/wiki/Hashcash | * Hashcash - http://en.wikipedia.org/wiki/Hashcash | ||
| + | * https://www.owasp.org/index.php/Business_Logic_Security_Cheat_Sheet | ||
| + | * https://www.owasp.org/index.php/Blocking_Brute_Force_Attacks | ||
| + | * http://projects.webappsec.org/w/page/13246938/Insufficient%20Anti-automation | ||
| + | |||
| + | == Defenses== | ||
| + | === CAPTCHA === | ||
| + | * Weaknesses of Approach / Attacks on Defensive System | ||
| + | ** http://news.bbc.co.uk/2/hi/technology/7067962.stm | ||
| + | ** http://www.cs.sfu.ca/%7Emori/research/gimpy/ | ||
| + | ** http://alwaysmovefast.com/2007/11/21/cracking-captchas-for-fun-and-profit/ | ||
| + | ** http://caca.zoy.org/wiki/PWNtcha | ||
| + | |||
| + | === Fingerprinting / IP Reputation === | ||
| + | |||
| + | === IP Blocking === | ||
| + | |||
| + | === Action Thresholds === | ||
| + | |||
== News Stories == | == News Stories == | ||
* http://www.zdnet.com/github-hardens-defenses-in-wake-of-password-attack-7000023528/ | * http://www.zdnet.com/github-hardens-defenses-in-wake-of-password-attack-7000023528/ | ||
* http://www.dailydot.com/news/time-person-of-the-year-miley-cyrus-rigged/ | * http://www.dailydot.com/news/time-person-of-the-year-miley-cyrus-rigged/ | ||
Revision as of 02:11, 10 December 2013
Introduction
Preventing Automated Attacks - This project will be a study of current techniques to thwart automated attacks against application. Within this project we will identify and evaluate various automated attacks that face applications and the current defensive practices to mitigate these risks. The deliverable will be well documented knowledge and best practices.
Formatting
The format of this page will evolve as the material and structure takes form.
Mailing List Discussion
This project is discussed within the AppSensor project mailing list
Technical Notes & Preliminary Research
Techniques & Resources to evaluate
- Hashcash - http://en.wikipedia.org/wiki/Hashcash
- https://www.owasp.org/index.php/Business_Logic_Security_Cheat_Sheet
- https://www.owasp.org/index.php/Blocking_Brute_Force_Attacks
- http://projects.webappsec.org/w/page/13246938/Insufficient%20Anti-automation
Defenses
CAPTCHA
- Weaknesses of Approach / Attacks on Defensive System
