Difference between revisions of "Category:Threat Agent"

From OWASP
(What is a threat agent?)
(What is a threat agent?)
Line 25: Line 25:
  
 
'''References:'''
 
'''References:'''
1. Understanding and Developing a Threat Assessment Model, S Vidalis and A Blyth, University of Glamorgan.
+
1. Understanding and Developing a Threat Assessment Model, S Vidalis and A Blyth, University of Glamorgan.<BR>
 
2. Electronic Warfare Association – Australia
 
2. Electronic Warfare Association – Australia
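Review bot: the `<BR>` added after reference 1 hard-codes a line break in inline HTML while the two references stay numbered by hand ("1.", "2."). Wiki list markup (one `#` item per reference) would produce both the numbering and the line breaks, and would stay consistent if a third reference is added later.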

Revision as of 02:22, 13 July 2007

This category is for tagging articles related to common application security threat agents.

What is a threat agent?

A threat agent is an entity which bears complete or partial causal responsibility for the realization of a threat.

Threat agents fall into several broad categories:

  • Non-Target Specific: Non-target-specific threat agents are computer viruses, worms, Trojan horses and logic bombs.
  • Employees: Staff, contractors, operational and maintenance staff, and security guards who are annoyed with the company.
  • Organized Crime and Criminals: Criminals target information that is of value to them, such as bank accounts, credit cards or intellectual property that can be converted into money. Criminals will often make use of insiders to help them.
  • The Corporations: Corporations are engaged in offensive Information Warfare. Partners and Competitors come under this category.
  • Natural (Flood, Fire, Lightning, Meteor, Earthquakes)
  • Human Unintentional (accidents, carelessness)
  • Human Intentional (insider, outsider)


Threat risk modeling is an activity for understanding the security of an application. The specific vulnerability, related countermeasures, and impact are not required to discuss a threat, because the threat exists even if the target is well protected against it. For example, there is a threat that an attacker could launch a denial of service attack against your application even if you have sufficient defenses in place.

How to add a new Threat Agent article

You can follow the instructions to make a new Threat Agent article. Please use the appropriate structure and follow the Tutorial. Be sure to paste the following at the end of your article to make it show up in the Threat Agent category:

[[Category:Threat Agent]]

Your article should be specific about the threat agent and potential attacks involved. You should provide details about how to determine whether the threat applies to an application and how to estimate its likelihood.

References:

1. Understanding and Developing a Threat Assessment Model, S Vidalis and A Blyth, University of Glamorgan.
2. Electronic Warfare Association – Australia

Subcategories

This category has the following 4 subcategories, out of 4 total.

Pages in category "Threat Agent"

The following 9 pages are in this category, out of 9 total.