Difference between revisions of "SpoC 007 - Attacks Reference Guide - Progress Page"

From OWASP
(Phase 1 - 40% Done) (minor edit)
Line 1: Line 1:
 
The Attack reference guide is being developed by [[SpoC_007_-_Attacks_Reference_Guide |NSRAV Security Research group]] and [[SpoC_007_-_Refresh_Attacks_list |Przemyslaw 'Rezos' Skowron]]. In order to avoid work superposition, the project was divided in 3 phases comprising the following activities:
 
The Attack reference guide is being developed by [[SpoC_007_-_Attacks_Reference_Guide |NSRAV Security Research group]] and [[SpoC_007_-_Refresh_Attacks_list |Przemyslaw 'Rezos' Skowron]]. In order to avoid work superposition, the project was divided in 3 phases comprising the following activities:
  
# Attack list revision and description
+
# Attack list revision and description (60% of the project)
# Attacks categorization
+
# Attacks categorization (20% of the project)
# Research and describe new attacks
+
# Research and describe new attacks (20% of the project)
 +
 
 +
Total project status: '''40% Done!'''
  
 
== CheckPoints and Decision ==
 
== CheckPoints and Decision ==
Line 9: Line 11:
 
===Phase 1 - 40% Done ===
 
===Phase 1 - 40% Done ===
 
* Attack List Revision: '''Done!'''
 
* Attack List Revision: '''Done!'''
We note that Attack reference guide was previously defined based on [http://cwe.mitre.org/ CWE - Common Weakness Enumeration], which defines global software weakness and threats. In order to develop the Attack reference guide focused on Web application attacks, we removed some items from the list. Other items were too generic or redundant and they were removed too, as follows:
+
Total number of items on the Attack Guide: '''91'''!
 +
 
 +
We note that Attack reference guide was previously defined based on [http://cwe.mitre.org/ CWE - Common Weakness Enumeration], which defines global software weakness and threats. In order to develop the Attack reference guide focused on Web application attacks, we removed some items from the list. IN addition, other items were too generic or redundant and they were removed too. It was removed '''15 items''', as follows:
  
 
**Link Following
 
**Link Following
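Review bot: the new sentence "IN addition, other items were too generic or redundant and they were removed too. It was removed '''15 items''', as follows:" has a capitalisation slip ("IN addition") and an ungrammatical passive; suggest "In addition, other items were too generic or redundant and were removed as well. '''15 items''' were removed, as follows:". The count itself is consistent with the rest of the hunk (91 items on the guide, 15 removed).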
Line 28: Line 32:
  
  
* Attacks Description: 17 of 69 items done!
+
* Attacks Description: '''25 of 76 items done'''!
  
 
===Phase 2 - DONE! ===
 
===Phase 2 - DONE! ===

Revision as of 09:00, 29 August 2007

The Attack reference guide is being developed by the NSRAV Security Research group and Przemyslaw 'Rezos' Skowron. In order to avoid overlapping work, the project was divided into 3 phases comprising the following activities:

  1. Attack list revision and description (60% of the project)
  2. Attacks categorization (20% of the project)
  3. Research and describe new attacks (20% of the project)

Total project status: 40% Done!

CheckPoints and Decision

Phase 1 - 40% Done

  • Attack List Revision: Done!

Total number of items on the Attack Guide: 91!

We note that the Attack reference guide was previously defined based on CWE - Common Weakness Enumeration, which defines software weaknesses and threats in general. In order to develop an Attack reference guide focused on Web application attacks, we removed some items from the list. In addition, other items were too generic or redundant and were removed as well. 15 items were removed, as follows:

    • Link Following
    • Log forging
    • Logic/time bomb
    • PRNG permanent compromise attack
    • Script in IMG tags
    • Template:Attack
    • Unquoted Search Path or Element
    • Web problems
    • Wildcard or Matching Element
    • Windows ::DATA alternate data stream
    • Windows hard link
    • Windows MS-DOS device names
    • Windows Path Link problems
    • Windows Shortcut Following (.LNK)
    • Windows Virtual File problems


  • Attacks Description: 25 of 76 items done!

Phase 2 - DONE!

The attack categorization was based on the Common Attack Pattern Enumeration and Classification (CAPEC), since it is maintained by a respected entity and is wide enough to cover all web application attacks.

The categories defined are:

  • Abuse of Functionality
  • Spoofing
  • Probabilistic Techniques
  • Exploitation of Authentication
  • Resource Depletion
  • Exploitation of Privilege/Trust
  • Injection (Injecting Control Plane content through the Data Plane)
  • Data Structure Attacks
  • Data Leakage Attacks
  • Resource Manipulation
  • Protocol Manipulation
  • Time and State Attacks

A threat categorization based on the WASC Threat Classification v2 (still under development) was also defined.

Phase 3

  • Research new attacks
  • New attacks description