This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
SpoC 007 - Attacks Reference Guide - Progress Page
The Attacks Reference Guide is being developed by the NSRAV Security Research group and Przemyslaw 'Rezos' Skowron. To avoid duplicated effort, the project was divided into 3 phases comprising the following activities:
- Attack list revision and description
- Attacks categorization
- Research and describe new attacks
Checkpoints and Decisions
Phase 1
- Attack List Revision: Done!
- Attacks Description: 20 of 84 items done!
Phase 2 - DONE!
The attack categorization was based on the Common Attack Pattern Enumeration and Classification (CAPEC), since it is maintained by a respected organization and is broad enough to cover all web application attacks.
The categories defined are:
- Abuse of Functionality
- Spoofing
- Probabilistic Techniques
- Exploitation of Authentication
- Resource Depletion
- Exploitation of Privilege/Trust
- Injection (Injecting Control Plane content through the Data Plane)
- Data Structure Attacks
- Data Leakage Attacks
- Resource Manipulation
- Protocol Manipulation
- Time and State Attacks
A threat categorization was also defined, based on the WASC Threat Classification v2 (under development).
Phase 3
- Research new attacks
- Describe new attacks