Attack template

From OWASP
Revision as of 22:58, 12 February 2008 by Jeff Williams (Talk | contribs)

Jump to: navigation, search

Every Attack should follow this template.

Description

An attack is an action taken by a threat agent to exploit a vulnerability. Be sure you don't put [threat agents] or [vulnerabilities] in this category.

  1. Start with a one-sentence description of the attack
  2. How is the attack is launched?
  3. Who are the likely threat agents?
  4. What vulnerability does this attack target?


Risk Factors

  • Talk about the factors that make this attack likely or unlikely to actually happen
  • You can mention the likely technical impact of an attack
  • The [business impact] of an attack is probably conjecture, leave it out unless you're sure


Examples

Short example name
One paragraph example description with links
Short example name
One paragraph example description with links


Related Threat Agents


Related Attacks


Related Vulnerabilities

Note: the contents of "Related Problems" sections should be placed here


Related Countermeasures

Note: contents of "Avoidance and Mitigation" Sections should be placed here


References


When the article is reviewed, the "Honeycomb" category can be removed and replaced with the "ASDR" category [[Category:OWASP Honeycomb Project]] [[Category:OWASP ASDR Project]]