Revision as of 19:22, 16 June 2006 by Jeff Williams (talk | contribs) (Examples of attacks)

Jump to: navigation, search

This category is for tagging common types of application security attacks.

What is an attack?

Attacks are the techniques that attackers use to exploit the vulnerabilities in applications. Attacks are often confused with vulnerabilities, so please try to be sure that the attack you are describing is something that an attacker would do, rather than a weakness in an application.

Examples of attacks

  • Credential/Session Prediction
  • Fuzzing
  • Unauthorized Access Attempts
  • Path traversal
  • Forced Browsing
  • Traffic Flood

How to add a new Attack article

You can follow the instructions to make a new Attack article. Please use the appropriate structure and follow the Tutorial. Be sure to paste the following at the end of your article to make it show up in the Attack category:


An attack article should include:

  • a description of exactly how the attack works
  • tools and techniques for performing the attack
  • links to related threats, vulnerabilities, and countermeasures
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.

Work to be done here includes

Creating articles for the following topics:

  • Credential/Session Prediction
  • Unauthorized Access Attempts
  • Session Fixation
  • Session Hijacking
  • Cross-Site Scripting
  • Buffer Overflow Attack
  • Format String Attack
  • Directory Indexing
  • File Path Abuse
  • Traffic Flood
  • Automation of Functionality
  • File location guessing (see Guessed or visible temporary file
  • ... make sure the attack is listed for each vulnerability

Note: many of the items marked vulnerabilities from CLASP and other places are really attacks. Some of the more obvious are:


This category has the following 12 subcategories, out of 12 total.







Pages in category "Attack"

The following 66 pages are in this category, out of 66 total.