Difference between revisions of "ASDR TOC Attacks"

From OWASP
 
(20 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Back to [[ASDR_Table_of_Contents|TOC]]
+
{{template:CandidateForDeletion}}
 +
 
 +
#REDIRECT [[::Category:Attack]]
 +
 
  
---> Thiago Lechuga
 
 
* 1 [[Absolute Path Traversal]]
 
* 1 [[Absolute Path Traversal]]
 
* 2 [[Account lockout attack]]
 
* 2 [[Account lockout attack]]
* 3 [[Alternate XSS Syntax]]
 
 
* 4 [[Argument Injection or Modification]]
 
* 4 [[Argument Injection or Modification]]
 
* 5 [[Asymmetric resource consumption (amplification)]]
 
* 5 [[Asymmetric resource consumption (amplification)]]
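Review bot: The `#REDIRECT [[::Category:Attack]]` line at the top of this hunk is added below the `{{template:CandidateForDeletion}}` line, not as the first line of the page. MediaWiki only treats `#REDIRECT` as a redirect when it is the very first thing in the page text, and the rendered latest revision shows it as literal text under the deletion notice. Either move the redirect to line 1 and drop the rest of the page, or remove it and keep the deletion template on its own. The target also has a doubled colon (`[[::Category:Attack]]`); a single leading colon, `[[:Category:Attack]]`, is the usual form for linking to a category.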
Line 11: Line 12:
 
* 8 [[Brute force attack]]
 
* 8 [[Brute force attack]]
 
* 9 [[Buffer overflow attack]]
 
* 9 [[Buffer overflow attack]]
* 10 [[Cross-Site_Request_Forgery_%28CSRF%29|CSRF]]
 
<--- Thiago Lechuga
 
 
---> Ulisses Castro
 
 
* 11 [[Cache Poisoning]]
 
* 11 [[Cache Poisoning]]
 
* 12 [[Code Injection]]
 
* 12 [[Code Injection]]
 
* 13 [[Command Injection]]
 
* 13 [[Command Injection]]
* 14 [[Comment Injection]]
+
* 14 [[Comment Injection Attack]]
 
* 15 [[Cross Site Tracing]]
 
* 15 [[Cross Site Tracing]]
 
* 16 [[Cross-Site Request Forgery]]
 
* 16 [[Cross-Site Request Forgery]]
 
* 17 [[Cross-User Defacement]]
 
* 17 [[Cross-User Defacement]]
* 18 [[Cross-site-scripting]]
+
* 18 [[Cross-site Scripting (XSS)]]
 
* 19 [[Cryptanalysis]]
 
* 19 [[Cryptanalysis]]
 
* 20 [[Custom Special Character Injection]]
 
* 20 [[Custom Special Character Injection]]
<--- Ulisses Castro
 
  
---> Eduardo Alves
+
* [[Denial of Service]]
 
* 21 [[Direct Dynamic Code Evaluation ('Eval Injection')]]
 
* 21 [[Direct Dynamic Code Evaluation ('Eval Injection')]]
 
* 22 [[Direct Static Code Injection]]
 
* 22 [[Direct Static Code Injection]]
Line 36: Line 32:
 
* 27 [[HTTP Request Smuggling]]
 
* 27 [[HTTP Request Smuggling]]
 
* 28 [[HTTP Response Splitting]]
 
* 28 [[HTTP Response Splitting]]
* 29 [[Integer Overflows/Underflows]]
 
 
* 30 [[LDAP injection]]
 
* 30 [[LDAP injection]]
<--- Eduardo Alves
 
  
---> Eduardo Serrano
+
* [[Man-in-the-browser attack]]
 
* 31 [[Man-in-the-middle attack]]
 
* 31 [[Man-in-the-middle attack]]
 
* 32 [[Mobile code: invoking untrusted mobile code]]
 
* 32 [[Mobile code: invoking untrusted mobile code]]
Line 48: Line 42:
 
* 36 [[One-Click Attack]]
 
* 36 [[One-Click Attack]]
 
* 37 [[Overflow Binary Resource File]]
 
* 37 [[Overflow Binary Resource File]]
 +
 +
*  [[Page Hijacking]]
 
* 38 [[Parameter Delimiter]]
 
* 38 [[Parameter Delimiter]]
 
* 39 [[Path Manipulation]]
 
* 39 [[Path Manipulation]]
 
* 40 [[Path Traversal]]
 
* 40 [[Path Traversal]]
<--- Eduardo Serrano
 
  
---> Alexandro Silva
 
* 41 [[Phishing]]
 
 
* 42 [[Relative Path Traversal]]
 
* 42 [[Relative Path Traversal]]
 
* 43 [[Repudiation Attack]]
 
* 43 [[Repudiation Attack]]
 
* 44 [[Resource Injection]]
 
* 44 [[Resource Injection]]
* 45 [[Reviewing code for XSS issues]]
 
 
* 46 [[SQL Injection]]
 
* 46 [[SQL Injection]]
 
* 47 [[Server-Side Includes (SSI) Injection]]
 
* 47 [[Server-Side Includes (SSI) Injection]]
Line 64: Line 56:
 
* 49 [[Session hijacking attack]]
 
* 49 [[Session hijacking attack]]
 
* 50 [[Setting Manipulation]]
 
* 50 [[Setting Manipulation]]
<--- Alexandro Silva
 
 
---> Anderson Tamborim
 
 
* 51 [[Special Element Injection]]
 
* 51 [[Special Element Injection]]
 
* 52 [[Spyware]]
 
* 52 [[Spyware]]
Line 75: Line 64:
 
* 57 [[XPATH Injection]]
 
* 57 [[XPATH Injection]]
 
* 58 [[XSRF]]
 
* 58 [[XSRF]]
* 59 [[XSS in error pages]]
 
 
* 60 [[XSS using Script Via Encoded URI Schemes]]
 
* 60 [[XSS using Script Via Encoded URI Schemes]]
 
* 61 [[XSS using Script in Attributes]]
 
* 61 [[XSS using Script in Attributes]]
<--- Anderson Tamborim
 
 
Back to [[ASDR_Table_of_Contents|TOC]]
 
 
[[Category:OWASP ASDR Project]]
 

Latest revision as of 16:02, 14 April 2009


This page was marked to be reviewed for deletion.


#REDIRECT :Category:Attack