Difference between revisions of "Category:Attack"

From OWASP
Jump to: navigation, search
m (Corrected minor grammatical error)
 
(12 intermediate revisions by 7 users not shown)
Line 5: Line 5:
 
Attacks are the techniques that attackers use to exploit the vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please try to be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application.
 
Attacks are the techniques that attackers use to exploit the vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please try to be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application.
  
{{Template:PutInCategory}}
+
All attack articles should follow the [[Attack template]].
  
An attack article should include:
+
==Examples:==
* a description of exactly how the attack works
+
* tools and techniques for performing the attack
+
* links to related threats, vulnerabilities, and countermeasures
+
 
+
==Work to be done here includes==
+
 
+
We're in the process of creating, organizing, and completing the attack articles. If you'd like to help, find some stub articles in this category and fill in the details.
+
 
+
Creating articles for the following topics:
+
*Credential/Session Prediction
+
*Unauthorized Access Attempts
+
*Cross-Site Scripting
+
*Format String Attack
+
*Directory Indexing
+
*File Path Abuse
+
*Automation of Functionality (CSRF)
+
*File location guessing (see [[Guessed or visible temporary file]]
+
* ... make sure the attack is listed for each [[:Category:Vulnerability|vulnerability]]
+
  
 +
*Brute Force: Is an exhaustive attack that works by testing every possible value of a parameter (password, file name, etc.) [[:Brute_force_attack|Brute_force_attack]]
 +
*Cache Poisoning: Is an attack that seeks to introduce false or malicious data into a web cache, normally via HTTP Response Splitting.  [[:Cache_Poisoning|Cache_Poisoning]]
 +
*DNS Poisoning: Is an attack that seeks to introduce false DNS address information into the cache of a DNS server, where it will be served to other users enabling a variety of attacks. (e.g., Phishing)
  
 
Note: many of the items marked vulnerabilities from CLASP and other places are really attacks. Some of the more obvious are:
 
Note: many of the items marked vulnerabilities from CLASP and other places are really attacks. Some of the more obvious are:
* [[Command injection]]
 
 
* [[Log injection]]
 
* [[Log injection]]
 
* [[Resource exhaustion]]
 
* [[Resource exhaustion]]
* [[SQL injection]]
 
 
* [[Reflection injection]]
 
* [[Reflection injection]]
 
* [[Reflection attack in an auth protocol]]
 
* [[Reflection attack in an auth protocol]]
Line 38: Line 21:
  
 
[[Category:Article Type]]
 
[[Category:Article Type]]
[[Category:OWASP Honeycomb Project]]
+
[[Category:OWASP ASDR Project]]

Latest revision as of 07:48, 10 August 2012

This category is for tagging common types of application security attacks.

What is an attack?

Attacks are the techniques that attackers use to exploit the vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please try to be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application.

All attack articles should follow the Attack template.

Examples:

  • Brute Force: Is an exhaustive attack that works by testing every possible value of a parameter (password, file name, etc.) Brute_force_attack
  • Cache Poisoning: Is an attack that seeks to introduce false or malicious data into a web cache, normally via HTTP Response Splitting. Cache_Poisoning
  • DNS Poisoning: Is an attack that seeks to introduce false DNS address information into the cache of a DNS server, where it will be served to other users enabling a variety of attacks. (e.g., Phishing)

Note: many of the items marked vulnerabilities from CLASP and other places are really attacks. Some of the more obvious are:

Subcategories

This category has the following 12 subcategories, out of 12 total.

A

D

E

I

P

R

S

Pages in category "Attack"

The following 68 pages are in this category, out of 68 total.

A

B

C

C cont.

D

E

F

H

I

L

M

O

P

P cont.

R

S

T

U

W

X