This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

SpoC 007 - Attacks Reference Guide - Progress Page

From OWASP
Revision as of 19:08, 23 July 2007 by Nsrav (talk | contribs) (New page: The Attack reference guide is being developed by [SpoC_007_-_Attacks_Reference_Guide NSRAV Security Research group] and [SpoC_007_-_Refresh_Attacks_list Przemyslaw 'Rezos' Skowron]. In ord...)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

The Attack reference guide is being developed by [SpoC_007_-_Attacks_Reference_Guide NSRAV Security Research group] and [SpoC_007_-_Refresh_Attacks_list Przemyslaw 'Rezos' Skowron]. In order to avoid work superposition it was divided into 3 phases comprising the following activities:

  1. Attack list revision and description
  2. Attacks categorization
  3. Research and describe new attacks

CheckPoints and Decision

Phase 1

  • Attack List Revision: 0 Attacks Done!
  • Attacks Description: 0 of 84 items done!

Phase 2

The attacks categorization was based on ‘’ Common Attack Pattern Enumeration and Classification - CAPEC´´, since it is maintained by a respected entity and wide enough to fit all web application attacks.

The categories defined are:

  • Abuse of Functionality
  • Spoofing
  • Probabilistic Techniques
  • Exploitation of Authentication
  • Resource Depletion
  • Exploitation of Privilege/Trust
  • Injection (Injecting Control Plane content through the Data Plane)
  • Data Structure Attacks
  • Data Leakage Attacks
  • Resource Manipulation
  • Protocol Manipulation
  • Time and State Attacks

It was also defined the threats categorization based on Threat Classification v2, under development.

Phase 3

  • Research new attacks
  • New attacks description