This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Phishing attack"

From OWASP
Jump to: navigation, search
(New page: Every '''Attack''' should follow this template. {{Template:Attack}} {{Template: stub}} Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' ==Descripti...)
 
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
Every '''[[Attack]]''' should follow this template.
+
{{template:CandidateForDeletion}}
 +
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
  
{{Template:Attack}}
+
#REDIRECT [[Phishing]]
{{Template: stub}}
 
  
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
 
  
 
==Description==
 
==Description==

Latest revision as of 20:26, 14 April 2009

Template:CandidateForDeletion Last revision (mm/dd/yy): 04/14/2009

#REDIRECT Phishing


Description

An attack is an action taken by a threat agent to exploit a vulnerability. Be sure you don't put [threat agents] or [vulnerabilities] in this category.

  1. Start with a one-sentence description of the attack
  2. How is the attack is launched?
  3. Who are the likely threat agents?
  4. What vulnerability does this attack target?


Risk Factors

  • Talk about the factors that make this attack likely or unlikely to actually happen
  • You can mention the likely technical impact of an attack
  • The [business impact] of an attack is probably conjecture, leave it out unless you're sure


Examples

Short example name

A short example description, small picture, or sample code with links

Short example name

A short example description, small picture, or sample code with links


Related Threat Agents


Related Attacks


Related Vulnerabilities

Note: the contents of "Related Problems" sections should be placed here


Related Controls

Note: contents of "Avoidance and Mitigation" and "Countermeasure" Sections should be placed here


References

Note1: A reference to related CWE or CAPEC article should be added when exists. Eg:

Note2:One should classify Attacks subcategories by adding eg. [Category:Data Structure Attacks]] based on the following:

Abuse of Functionality

Data Structure Attacks

Embedded Malicious Code

Exploitation of Authentication

Injection

Path Traversal Attack

Probabilistic Techniques

Protocol Manipulation

Resource Depletion

Resource Manipulation

Sniffing Attacks

Spoofing