Difference between revisions of "Attack template"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 +
Every '''[[Attack]]''' should follow this template.
 +
 
==Description==
 
==Description==
  
This is the structure of an Attack Article.
+
An attack is an action taken by a threat agent to exploit a vulnerability. Be sure you don't put [threat agents] or [vulnerabilities] in this category.
  
Sections "Overview", "Abstract", "Discussion", "Required Resources" and "Plataform", if existent, should be properly describe here, without subsections.
+
# Start with a one-sentence description of the attack
 +
# How is the attack is launched?
 +
# Who are the likely threat agents?
 +
# What vulnerability does this attack target?
  
In case of a "Exposure Period" section exists, it should be placed here as a subsection.
 
Ex:<nowiki>===Exposure Period===</nowiki>
 
  
 +
==Risk Factors==
  
==Examples==
+
* Talk about the [[OWASP Risk Rating Methodology|factors]] that make this attack likely or unlikely to actually happen
 +
* You can mention the likely technical impact of an attack
 +
* The [business impact] of an attack is probably conjecture, leave it out unless you're sure
  
===Example 1===
 
  
 +
==Examples==
  
===Example n===
+
; Short example name
 +
: One paragraph example description with [http://www.site.com links]
  
 
+
; Short example name
==Likelihood of exploitation==
+
: One paragraph example description with [http://www.site.com links]
  
  
 
==Related Attacks==
 
==Related Attacks==
 +
 +
* [[Attack 1]]
 +
* [[Attack 2]]
  
  
 
==Related Vulnerabilities==
 
==Related Vulnerabilities==
PS: contents of "Related Problems" sections should be placed here
 
  
 +
* [[Vulnerability 1]]
 +
* [[Vulnerabiltiy 2]]
  
 +
Note: the contents of "Related Problems" sections should be placed here
  
==Related Threats Agents==
+
 
 +
==Related Threat Agents==
 +
 
 +
* [[Threat Agent 1]]
 +
* [[Threat Agent 2]]
  
  
 
==Related Countermeasures==
 
==Related Countermeasures==
PS: contents of "Avoidance and Mitigation" Sections should be placed here
+
 
 +
* [[Countermeasure 1]]
 +
* [[Countermeasure 2]]
 +
 
 +
Note: contents of "Avoidance and Mitigation" Sections should be placed here
  
  
 
==References==
 
==References==
 +
 +
* [http://www.link1.com]
 +
* [http://www.link2.com Optional title here]
  
  
<nowiki>[[Category:XYZ]]</nowiki>
+
When the article is reviewed, the "Honeycomb" category can be removed and replaced with the "ASDR" category
 +
<nowiki>[[Category:OWASP Honeycomb Project]]</nowiki>
 +
<nowiki>[[Category:OWASP ASDR Project]]</nowiki>
  
<nowiki>[[Category:XPTO]]</nowiki>
+
__NOTOC__

Revision as of 22:57, 12 February 2008

Every Attack should follow this template.

Description

An attack is an action taken by a threat agent to exploit a vulnerability. Be sure you don't put [threat agents] or [vulnerabilities] in this category.

  1. Start with a one-sentence description of the attack
  2. How is the attack is launched?
  3. Who are the likely threat agents?
  4. What vulnerability does this attack target?


Risk Factors

  • Talk about the factors that make this attack likely or unlikely to actually happen
  • You can mention the likely technical impact of an attack
  • The [business impact] of an attack is probably conjecture, leave it out unless you're sure


Examples

Short example name
One paragraph example description with links
Short example name
One paragraph example description with links


Related Attacks


Related Vulnerabilities

Note: the contents of "Related Problems" sections should be placed here


Related Threat Agents


Related Countermeasures

Note: contents of "Avoidance and Mitigation" Sections should be placed here


References


When the article is reviewed, the "Honeycomb" category can be removed and replaced with the "ASDR" category [[Category:OWASP Honeycomb Project]] [[Category:OWASP ASDR Project]]