Difference between revisions of "SpoC 007 - Attacks Reference Guide - Progress Page"

From OWASP
(Work Done)
Line 69: Line 69:

 ===Phase 3 ===
−* Research new attacks: Attacks found so far (under revision):
+Research and Description of new attacks(under revision):
 
−**Block Access to Libraries
−**Buffer Overflow via Environment Variables
−**Command Fixation Attacks
−**Cross Frame Scripting
−**Embedding NULL Bytes
−**Manipulating User State (Session Manipulation)
−**Overflow Binary Resource File
−**Session Credential Falsification through Prediction
−**Violating Implicit Assumptions Regarding XML Content
−**XSS in IMG Tags
−**XSS Using Doubled Characters
+** Block Access to Libraries - add as a example of [[Setting_Manipulation]]
+** Buffer Overflow via Environment Variables
+** Command Fixation Attacks
+** Cross Frame Scripting
+** [[Denial_of_Service]] - The DoS items previously described were extracted from [[Testing_for_Denial_of_Service]] section of [[OWASP_Testing_Guide]].
+** [[Embedding_Null_Code]]
+** [[Man-in-the-browser_attack]]
+** [[Manipulating_User_Permission_Identifier]]
+** Overflow Binary Resource File
+** [[Session_Prediction]]
+** XSS in IMG Tags
+** XSS Using Doubled Characters
 
−* New attacks description: under development!
Line 89: Line 90:

 Note: this links were inserted here by Dinis Cruz from OWASP-NSRAV.zip file
+Note2: the items were sort by name by Leonardo Cavallari on 30/10.
 
−* [[Direct_Static_Code_Injection]] - ([http://www.owasp.org/index.php?title=Direct_Static_Code_Injection&diff=22071&oldid=5711 diff] , [http://www.owasp.org/index.php?title=Direct_Static_Code_Injection&action=history history])
 * [[Direct_Dynamic_Code_Evaluation_%28%27Eval_Injection%27%29]] - ([http://www.owasp.org/index.php?title=Direct_Dynamic_Code_Evaluation_%28%27Eval_Injection%27%29&diff=20797&oldid=6053 diff] , [http://www.owasp.org/index.php?title=Direct_Dynamic_Code_Evaluation_%28%27Eval_Injection%27%29&action=history history])
−* [[Mobile_code:_invoking_untrusted_mobile_code]] - ([http://www.owasp.org/index.php?title=Mobile_code%3A_invoking_untrusted_mobile_code&diff=22072&oldid=6035 diff] , [http://www.owasp.org/index.php?title=Mobile_code:_invoking_untrusted_mobile_code&action=history history history])
+* [[Direct_Static_Code_Injection]] - ([http://www.owasp.org/index.php?title=Direct_Static_Code_Injection&diff=22071&oldid=5711 diff] , [http://www.owasp.org/index.php?title=Direct_Static_Code_Injection&action=history history])
 * [[Double_Encoding]] - ([http://www.owasp.org/index.php?title=Double_Encoding&diff=20712&oldid=5740 diff] , [http://www.owasp.org/index.php?title=Double_Encoding&action=history history])
+* [[Forced_browsing]] - ([http://www.owasp.org/index.php?title=Forced_browsing&diff=20649&oldid=19889 diff] , [http://www.owasp.org/index.php?title=Forced_browsing&action=history history])
 * [[LDAP_injection]] - ([http://www.owasp.org/index.php?title=LDAP_injection&diff=20874&oldid=10830 diff] , [http://www.owasp.org/index.php?title=LDAP_injection&action=history history])
−* [[Forced_browsing]] - ([http://www.owasp.org/index.php?title=Forced_browsing&diff=20649&oldid=19889 diff] , [http://www.owasp.org/index.php?title=Forced_browsing&action=history history])
+* [[Man-in-the-middle_attack]] - ([http://www.owasp.org/index.php?title=Man-in-the-middle_attack&diff=21145&oldid=18290 diff] , [http://www.owasp.org/index.php?title=Man-in-the-middle_attack&action=history history])
+* [[Mobile_code:_invoking_untrusted_mobile_code]] - ([http://www.owasp.org/index.php?title=Mobile_code%3A_invoking_untrusted_mobile_code&diff=22072&oldid=6035 diff] , [http://www.owasp.org/index.php?title=Mobile_code:_invoking_untrusted_mobile_code&action=history history history])
+* [[Mobile_code:_non-final_public_field]] - ([https://www.owasp.org/index.php?title=Mobile_code%3A_non-final_public_field&diff=22725&oldid=6036 diff] , [https://www.owasp.org/index.php?title=Mobile_code:_non-final_public_field&action=history history])
+* [[Mobile_code:_object_hijack]] - ([https://www.owasp.org/index.php?title=Mobile_code%3A_object_hijack&diff=22727&oldid=6040 diff] , [https://www.owasp.org/index.php?title=Mobile_code:_object_hijack&action=history history])
 * [[Parameter_Delimiter]] - ([http://www.owasp.org/index.php?title=Parameter_Delimiter&diff=21449&oldid=6190 diff] , [http://www.owasp.org/index.php?title=Parameter_Delimiter&action=history history])
+* [[Path_Manipulation]] - ([http://www.owasp.org/index.php?title=Path_Manipulation&diff=22073&oldid=7983 diff] , [http://www.owasp.org/index.php?title=Path_Manipulation&action=history history])
 * [[Path_Traversal]] - ([http://www.owasp.org/index.php?title=Path_Traversal&diff=20667&oldid=18282 diff] , [http://www.owasp.org/index.php?title=Path_Traversal&action=history history])
−* [[Path_Manipulation]] - ([http://www.owasp.org/index.php?title=Path_Manipulation&diff=22073&oldid=7983 diff] , [http://www.owasp.org/index.php?title=Path_Manipulation&action=history history])
+*[[Repudiation_Attack]] - ([https://www.owasp.org/index.php?title=Repudiation_Attack&diff=22728&oldid=7397 diff] , [https://www.owasp.org/index.php?title=Repudiation_Attack&action=history history])
−* [[Man-in-the-middle_attack]] - ([http://www.owasp.org/index.php?title=Man-in-the-middle_attack&diff=21145&oldid=18290 diff] , [http://www.owasp.org/index.php?title=Man-in-the-middle_attack&action=history history])
+* [[Session_hijacking_attack]] - ([https://www.owasp.org/index.php?title=Session_hijacking_attack&diff=22733&oldid=6467 diff] , [https://www.owasp.org/index.php?title=Session_hijacking_attack&action=history history])
+* [[Setting_Manipulation]] - ([https://www.owasp.org/index.php?title=Setting_Manipulation&diff=22734&oldid=7984 diff] , [https://www.owasp.org/index.php?title=Setting_Manipulation&action=history history])
+* [[Spyware]] - ([https://www.owasp.org/index.php?title=Spyware&diff=22761&oldid=6448 diff] , [https://www.owasp.org/index.php?title=Spyware&action=history history])
+* [[Trojan_Horse]] - ([https://www.owasp.org/index.php?title=Trojan_Horse&diff=22756&oldid=7078 diff] , [https://www.owasp.org/index.php?title=Trojan_Horse&action=history history])
 
 by Przemyslaw 'rezos' Skowron (20071025)
 
 * [[Absolute_Path_Traversal]] - ([http://www.owasp.org/index.php?title=Absolute_Path_Traversal&diff=22637&oldid=14001 diff] , [http://www.owasp.org/index.php?title=Absolute_Path_Traversal&action=history history])
Line 138: Line 156:

 * [[.]] - ([ diff] , [ history])
 * [[.]] - ([ diff] , [ history])
 * [[.]] - ([ diff] , [ history])
Revision as of 16:33, 30 October 2007

Back to Attacks Reference Guide Main Page

Back to Refresh Attacks List Main Page


The Attack reference guide is being developed by NSRAV Security R&D and Przemyslaw 'Rezos' Skowron. To avoid overlapping work, the project was divided into three phases comprising the following activities:

  1. Attack list revision and description (60% of the project)
  2. Attacks categorization (20% of the project)
  3. Research and describe new attacks (20% of the project)

Total project status: 70% Done!

CheckPoints and Decision

Phase 1 - 66% Done

  • Attack List Revision: Done!

Total number of items on the Attack Guide: 91!

We note that the Attack reference guide was previously defined based on CWE - Common Weakness Enumeration, which catalogues software weaknesses and threats in general. In order to focus the Attack reference guide on Web application attacks, we removed some items from the list. In addition, other items that were too generic or redundant were removed as well. In total, 26 items were removed, as follows:

    • Link Following
    • Log forging
    • Logic/time bomb
    • PRNG permanent compromise attack
    • Script in IMG tags
    • Template:Attack
    • Unquoted Search Path or Element
    • Web problems
    • Wildcard or Matching Element
    • Windows ::DATA alternate data stream
    • Windows hard link
    • Windows MS-DOS device names
    • Windows Path Link problems
    • Windows Shortcut Following (.LNK)
    • Windows Virtual File problems
    • OS Injection
    • OS Command Injection
    • Cross_Site_Scripting
    • Cross-Site_Scripting
    • XSS Attacks
    • Interpreter Injection
    • One-click attack
    • CSRF
    • XSRF
    • API Abuse
    • Internal software developer
  • Attacks Description: 30 of 65 items done!

Phase 2 - DONE!

The attacks categorization was based on Common Attack Pattern Enumeration and Classification - CAPEC, since it is maintained by a respected entity and wide enough to fit all web application attacks.

The categories defined are:

  • Abuse of Functionality
  • Spoofing
  • Probabilistic Techniques
  • Exploitation of Authentication
  • Resource Depletion
  • Exploitation of Privilege/Trust
  • Injection (Injecting Control Plane content through the Data Plane)
  • Data Structure Attacks
  • Data Leakage Attacks
  • Resource Manipulation
  • Protocol Manipulation
  • Time and State Attacks

A threat categorization based on the WASC Threat Classification v2 was also defined; it is still under development.

Phase 3

Research and Description of new attacks(under revision):



Work Done

Note: these links were inserted here by Dinis Cruz from the OWASP-NSRAV.zip file

Note2: the items were sorted by name by Leonardo Cavallari on 30/10.



by Przemyslaw 'rezos' Skowron (20071025)



  • [[.]] - ([ diff] , [ history])