Difference between revisions of "SpoC 007 - Attacks Reference Guide - Progress Page"
(→Work Done) |
|||
Line 6: | Line 6: | ||
The Attack reference guide is being developed by [[SpoC_007_-_Attacks_Reference_Guide |NSRAV Security R&D]] and [[SpoC_007_-_Refresh_Attacks_list |Przemyslaw 'Rezos' Skowron]]. In order to avoid work superposition, the project was divided in 3 phases comprising the following activities: | The Attack reference guide is being developed by [[SpoC_007_-_Attacks_Reference_Guide |NSRAV Security R&D]] and [[SpoC_007_-_Refresh_Attacks_list |Przemyslaw 'Rezos' Skowron]]. In order to avoid work superposition, the project was divided in 3 phases comprising the following activities: | ||
− | # Attack list revision and description ( | + | # Attack list revision and description (60% of the project) |
− | # Attacks categorization ( | + | # Attacks categorization (20% of the project) |
− | # Research and describe new attacks ( | + | # Research and describe new attacks (20% of the project) |
− | Total project status: ''' | + | Total project status: '''100% Done!''' |
== CheckPoints and Decision == | == CheckPoints and Decision == | ||
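Review bot: The new line "Total project status: '''100% Done!'''" in this hunk does not agree with the item count set by the same revision, "Attacks Description: '''51 of 59 items done'''", and attack description belongs to the activity weighted at 60% of the project. Suggest replacing the flat 100% with a figure that follows from the three weights and the item count, or stating which phases are complete and which descriptions are still open.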
Line 53: | Line 53: | ||
**[[XSRF]] | **[[XSRF]] | ||
− | * Attacks Description: ''' | + | * Attacks Description: '''51 of 59 items done'''! |
− | |||
− | |||
− | |||
===Phase 2 - DONE! === | ===Phase 2 - DONE! === | ||
Line 72: | Line 69: | ||
* Data Leakage Attacks | * Data Leakage Attacks | ||
* [[:Category:Resource Manipulation]] | * [[:Category:Resource Manipulation]] | ||
− | * Protocol Manipulation | + | * [[:Category:Protocol Manipulation]] |
* Time and State Attacks | * Time and State Attacks | ||
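Review bot: Linking only "Protocol Manipulation" leaves the category list inconsistent, since the context lines "Data Leakage Attacks" and "Time and State Attacks" on either side of it are still plain text. Either convert those to [[:Category:...]] links in the same edit, or note next to them that the category pages do not exist yet, so a reader can tell a missing category page from an unlinked one.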
Line 104: | Line 101: | ||
* [[Format_string_attack]] - ([http://www.owasp.org/index.php?title=Format_string_attack&diff=23065&oldid=7393 diff] , [http://www.owasp.org/index.php?title=Format_string_attack&action=history history]) | * [[Format_string_attack]] - ([http://www.owasp.org/index.php?title=Format_string_attack&diff=23065&oldid=7393 diff] , [http://www.owasp.org/index.php?title=Format_string_attack&action=history history]) | ||
+ | |||
+ | * [[HTTP_Response_Splitting]] - ([http://www.owasp.org/index.php?title=HTTP_Response_Splitting&diff=23117&oldid=7948 diff] , [http://www.owasp.org/index.php?title=HTTP_Response_Splitting&action=history history]) | ||
+ | |||
+ | * [[HTTP_Request_Smuggling]] - ([http://www.owasp.org/index.php?title=HTTP_Request_Smuggling&diff=23118&oldid=5802 diff], [http://www.owasp.org/index.php?title=HTTP_Request_Smuggling&action=history history]) | ||
* [[LDAP_injection]] - ([http://www.owasp.org/index.php?title=LDAP_injection&diff=23067&oldid=10830 diff] , [http://www.owasp.org/index.php?title=LDAP_injection&action=history history]) | * [[LDAP_injection]] - ([http://www.owasp.org/index.php?title=LDAP_injection&diff=23067&oldid=10830 diff] , [http://www.owasp.org/index.php?title=LDAP_injection&action=history history]) | ||
Line 137: | Line 138: | ||
* [[Spyware]] - ([http://www.owasp.org/index.php?title=Spyware&diff=22761&oldid=6448 diff] , [http://www.owasp.org/index.php?title=Spyware&action=history history]) | * [[Spyware]] - ([http://www.owasp.org/index.php?title=Spyware&diff=22761&oldid=6448 diff] , [http://www.owasp.org/index.php?title=Spyware&action=history history]) | ||
− | * [[Traffic_flood]] - ([http://www.owasp.org/index.php?title=Traffic_flood&diff=22775&oldid=7392 diff] , [ | + | * [[SQL_Injection]] - ([https://www.owasp.org/index.php?title=SQL_Injection&diff=23119&oldid=21964 diff] , [https://www.owasp.org/index.php?title=SQL_Injection&action=history history]) |
+ | |||
+ | * [[Traffic_flood]] - ([http://www.owasp.org/index.php?title=Traffic_flood&diff=22775&oldid=7392 diff] , [http://www.owasp.org/index.php?title=Traffic_flood&action=history history]) | ||
* [[Trojan_Horse]] - ([http://www.owasp.org/index.php?title=Trojan_Horse&diff=22756&oldid=7078 diff] , [http://www.owasp.org/index.php?title=Trojan_Horse&action=history history]) | * [[Trojan_Horse]] - ([http://www.owasp.org/index.php?title=Trojan_Horse&diff=22756&oldid=7078 diff] , [http://www.owasp.org/index.php?title=Trojan_Horse&action=history history]) | ||
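Review bot: The added [[SQL_Injection]] entry uses https://www.owasp.org/ for its diff and history links, while the other entries in this hunk, including the rewritten [[Traffic_flood]] line, use http://www.owasp.org/. Pick one scheme for the whole list. The [[Traffic_flood]] change also repairs a history link that was cut off at "[" in the old revision; that fix deserves a mention in the edit summary, which currently says only "Work Done".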
Line 171: | Line 174: | ||
* [[XSS_in_error_pages]] - ([http://www.owasp.org/index.php?title=XSS_in_error_pages&diff=22662&oldid=6850 diff] , [http://www.owasp.org/index.php?title=XSS_in_error_pages&action=history history]) | * [[XSS_in_error_pages]] - ([http://www.owasp.org/index.php?title=XSS_in_error_pages&diff=22662&oldid=6850 diff] , [http://www.owasp.org/index.php?title=XSS_in_error_pages&action=history history]) | ||
+ | |||
+ | '''New items''' | ||
+ | ** [[Denial_of_Service]] | ||
+ | ** [[Embedding_Null_Code]] | ||
+ | ** [[Man-in-the-browser_attack]] | ||
+ | ** [[Manipulating_User_Permission_Identifier]] | ||
+ | ** [[Session_Prediction]] | ||
+ | |||
by Przemyslaw 'rezos' Skowron (20071104 - part II - second 50%]) | by Przemyslaw 'rezos' Skowron (20071104 - part II - second 50%]) |
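Review bot: The five entries added under '''New items''' are bare links with no diff and history pair, unlike the other entries in this list, and they start at second-level "**" bullets with no first-level item above them. Add the (diff, history) links for each entry or mark them as initial versions, and use "*" bullets so the nesting matches the rest of the list. The unchanged attribution line that follows also carries a stray "]" in "second 50%])".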
Revision as of 19:39, 5 November 2007
The Attack reference guide is being developed by NSRAV Security R&D and Przemyslaw 'Rezos' Skowron. To avoid overlapping work, the project was divided into 3 phases comprising the following activities:
- Attack list revision and description (60% of the project)
- Attacks categorization (20% of the project)
- Research and describe new attacks (20% of the project)
Total project status: 100% Done!
CheckPoints and Decision
Phase 1 - 90% Done
- Attack List Revision: Done!
Total number of items on the Attack Guide: 91!
We noticed that the Attack reference guide was previously defined based on CWE - Common Weakness Enumeration, which defines global software weaknesses and threats. To develop an Attack reference guide focused on Web application attacks, we reviewed the list and marked some items for removal. The contents of generic or redundant items were used in the descriptions of some items, and those generic or redundant items were marked for removal too.
Items considered for removal from the attack list: 30 items, as follows:
- API_Abuse
- Cross_Site_Scripting
- Cross-Site_Scripting
- CSRF
- Internal_software_developer
- Interpreter_Injection
- Link_Following
- Log_forging
- Logic/time_bomb
- Macro_symbol
- Network_amplification
- One-Click_Attack
- OS_Injection
- OS_Command_Injection
- PRNG_permanent_compromise_attack
- Reviewing_Code_for_OS_Injection
- Script_in_IMG_tags
- Sniffing_application_traffic_attack
- Template:Attack
- Unquoted_Search_Path_or_Element
- Web_problems
- Wildcard_or_Matching_Element
- Windows_::DATA_alternate_data_stream
- Windows_hard_link
- Windows_MS-DOS_device_names
- Windows_Path_Link_problems
- Windows_Shortcut_Following_(.LNK)
- Windows_Virtual_File_problems
- XSS_Attacks
- XSRF
- Attacks Description: 51 of 59 items done!
Phase 2 - DONE!
The attack categorization was based on the Common Attack Pattern Enumeration and Classification - CAPEC, since it is maintained by a respected entity and is broad enough to fit all web application attacks.
The categories defined are:
- Category:Abuse of Functionality
- Category:Spoofing
- Category:Probabilistic Techniques
- Category:Exploitation of Authentication
- Category:Resource Depletion
- Exploitation of Privilege/Trust
- Category:Injection (Injecting Control Plane content through the Data Plane)
- Category:Data_Structure_Attacks
- Data Leakage Attacks
- Category:Resource Manipulation
- Category:Protocol Manipulation
- Time and State Attacks
A threat categorization was also defined, based on WASC Threat Classification v2, under development.
Phase 3
Research and Description of new attacks (under revision):
- Block Access to Libraries - add as an example of Setting_Manipulation
- Buffer_Overflow_via_Environment_Variables
- Cross_Frame_Scripting
- Denial_of_Service - The DoS items previously described were extracted from Testing_for_Denial_of_Service section of OWASP_Testing_Guide.
- Embedding_Null_Code
- Man-in-the-browser_attack
- Manipulating_User_Permission_Identifier
- Overflow_Binary_Resource_File
- Session_Prediction
Work Done
Note: these links were inserted here by Dinis Cruz from the OWASP-NSRAV.zip file
Note2: Other items inserted and sorted by name by Leonardo Cavallari (NSRAV).
- Double_Encoding - (diff , history)
- Forced_browsing - (diff , history)
- Format_string_attack - (diff , history)
- LDAP_injection - (diff , history)
- Parameter_Delimiter - (diff , history)
- Path_Manipulation - (diff , history)
- Path_Traversal - (diff , history)
- Repudiation_Attack - (diff , history)
- Resource_Injection - (diff , history)
- Setting_Manipulation - (diff , history)
- SQL_Injection - (diff , history)
- Traffic_flood - (diff , history)
- Trojan_Horse - (diff , history)
- Unicode_Encoding - (diff , history)
by Przemyslaw 'rezos' Skowron (20071025 - part I - first 50%)
- Brute_force_attack - (diff , history)
- Cache_Poisoning - (diff , history)
- Code_Injection - (diff , history)
- Command_Injection - (diff , history)
- Cross-User_Defacement - (diff , history)
- Cross-site-scripting - (diff , history)
- XSS_in_error_pages - (diff , history)
New items
by Przemyslaw 'rezos' Skowron (20071104 - part II - second 50%)
- Account_lockout_attack - (diff , history)
- Alternate_XSS_Syntax - (diff, history)
- Asymmetric_resource_consumption_(amplification) - (diff, history)
- Blind_SQL_Injection - (diff, history)
- Blind_XPath_Injection - (diff, history)
- Comment_Element - (diff, history)
- Cryptanalysis - (diff, history)
- Custom_Special_Character_Injection - (diff, history)
- XPATH_Injection - (diff, history)
- XSS_using_Script_Via_Encoded_URI_Schemes - (diff, history)
- XSS_using_Script_in_Attributes - (diff, history)
NEW ITEMS - 20071104 (by Przemyslaw 'rezos' Skowron):
- Overflow_Binary_Resource_File - ([INITIAL VERSION diff] , history)
- Cross_Frame_Scripting - ([INITIAL VERSION diff] , history)
- Buffer_Overflow_via_Environment_Variables - ([INITIAL VERSION diff] , history)