Difference between revisions of "Attack template"

From OWASP
Line 20: Line 20:
 
==Examples==
 
==Examples==
  
; Short example name
+
===Short example name===
: One paragraph example description with [http://www.site.com links]
+
: A short example description, small picture, or sample code with [http://www.site.com links]
  
; Short example name
+
===Short example name===
: One paragraph example description with [http://www.site.com links]
+
: A short example description, small picture, or sample code with [http://www.site.com links]
  
  
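Review bot: The description lines under the new `===Short example name===` headings still start with `:`, which was the definition half of the old `;` / `:` pair. With the `;` term replaced by a heading, the colon only indents the paragraph, so either drop the leading `:` on both description lines or keep the definition-list form. Both headings also carry the identical text "Short example name", so they produce the same section anchor until an author renames them; a short note telling authors to give each example a distinct name would help.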
Line 57: Line 57:
 
==References==
 
==References==
  
 +
Note: A reference to related [http://cwe.mitre.org/ CWE] or [http://capec.mitre.org/ CAPEC] article should be added when exists. Eg:
 +
 +
* [http://cwe.mitre.org/data/definitions/79.html CWE 79].
 
* http://www.link1.com
 
* http://www.link1.com
 
* [http://www.link2.com Title for the link]
 
* [http://www.link2.com Title for the link]
 +
 +
  
  
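Review bot: The `CWE 79` bullet added under the note is a real, specific reference placed in the same list as the `link1` / `link2` placeholders, so authors copying the template are likely to carry it into articles it does not apply to. Mark it clearly as an example, or word it as a placeholder like the other entries. The note itself reads "should be added when exists. Eg:"; suggest "should be added when one exists, e.g.:", and since it names both CWE and CAPEC, say whether a CAPEC entry is expected in the same form.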

Revision as of 18:37, 18 February 2008

Every Attack should follow this template.

Description

An attack is an action taken by a threat agent to exploit a vulnerability. Be sure you don't put [threat agents] or [vulnerabilities] in this category.

  1. Start with a one-sentence description of the attack
  2. How is the attack launched?
  3. Who are the likely threat agents?
  4. What vulnerability does this attack target?


Risk Factors

  • Talk about the factors that make this attack likely or unlikely to actually happen
  • You can mention the likely technical impact of an attack
  • The [business impact] of an attack is probably conjecture; leave it out unless you're sure


Examples

Short example name

A short example description, small picture, or sample code with links

Short example name

A short example description, small picture, or sample code with links


Related Threat Agents


Related Attacks


Related Vulnerabilities

Note: the contents of "Related Problems" sections should be placed here


Related Countermeasures

Note: contents of "Avoidance and Mitigation" Sections should be placed here


References

Note: A reference to a related CWE or CAPEC article should be added when one exists. E.g.:



When the article is reviewed, the "Honeycomb" category can be removed and replaced with the "ASDR" category [[Category:OWASP Honeycomb Project]] [[Category:OWASP ASDR Project]]