Difference between revisions of "Attack template"

From OWASP
Line 67: Line 67:
 
* [http://www.link2.com Title for the link2]
 
* [http://www.link2.com Title for the link2]
  
 +
One should classify Attacks subcategories by adding eg. <nowiki>[Category:Data Structure Attacks]]</nowiki> based on the following:
  
When the article is reviewed, the "Honeycomb" category SHOULD be removed and replaced with the "ASDR" category
+
Abuse of Functionality
<nowiki>[[Category:OWASP Honeycomb Project]]</nowiki>
+
<nowiki>[[Category:OWASP ASDR Project]]</nowiki>
+
  
 +
Data Structure Attacks
 +
 +
Exploitation of Authentication
 +
 +
Injection
 +
 +
Malicious Code Attack
 +
 +
Path Traversal Attack
 +
 +
Probabilistic Techniques
 +
 +
Protocol Manipulation
 +
 +
Resource Depletion
 +
 +
Resource Manipulation
 +
 +
Sniffing Attacks
 +
 +
Spoofing
 
__NOTOC__
 
__NOTOC__
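
Review bot: the added line carrying the `<nowiki>` example has unbalanced brackets: `[Category:Data Structure Attacks]]` opens with one `[` and closes with two `]`, so an editor who copies it will not get a working category tag. It should read `[[Category:Data Structure Attacks]]`, matching the `[[Category:OWASP ASDR Project]]` form used elsewhere in this change. The subcategory names that follow are added as bare lines; marking them up as a `*` list, like the link items above, would make it clear they are the values to choose from.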

Revision as of 10:25, 2 May 2008

Every Attack should follow this template.

This is an Attack. To view all attacks, please see the Attack Category page.


Last revision (mm/dd/yy): 05/2/2008

Description

An attack is an action taken by a threat agent to exploit a vulnerability. Be sure you don't put [threat agents] or [vulnerabilities] in this category.

  1. Start with a one-sentence description of the attack
  2. How is the attack launched?
  3. Who are the likely threat agents?
  4. What vulnerability does this attack target?


Risk Factors

  • Talk about the factors that make this attack likely or unlikely to actually happen
  • You can mention the likely technical impact of an attack
  • The [business impact] of an attack is probably conjecture; leave it out unless you're sure


Examples

Short example name

A short example description, small picture, or sample code with links

Short example name

A short example description, small picture, or sample code with links


Related Threat Agents


Related Attacks


Related Vulnerabilities

Note: the contents of "Related Problems" sections should be placed here


Related Controls

Note: contents of "Avoidance and Mitigation" and "Countermeasure" Sections should be placed here


References

Note: A reference to the related CWE or CAPEC article should be added when one exists. E.g.:

Classify each attack into a subcategory by adding, e.g., [[Category:Data Structure Attacks]], based on the following:

  • Abuse of Functionality
  • Data Structure Attacks
  • Exploitation of Authentication
  • Injection
  • Malicious Code Attack
  • Path Traversal Attack
  • Probabilistic Techniques
  • Protocol Manipulation
  • Resource Depletion
  • Resource Manipulation
  • Sniffing Attacks
  • Spoofing