Difference between revisions of "Threat agent template"

From OWASP
Jump to: navigation, search
(New page: ==Description== This is the structure of a Threat Agent Article. Sections "Overview", "Abstract", "Discussion", "Required Resources" and "Plataform", if existent, should be properly desc...)
 
Line 1: Line 1:
 +
Every '''[[Threat Agent]]''' should follow this template.
 +
 
==Description==
 
==Description==
  
This is the structure of a Threat Agent Article.
+
A threat agent is a group of "attackers" that carry out an [[attack]]. They can be human (intentional or unintentional) or natural (flood, fire, etc...).
 +
# Start with a one-sentence description of the threat agent
 +
# Who are the people that make up this threat agent?
 +
# Discuss characteristics of the threat agent.
  
Sections "Overview", "Abstract", "Discussion", "Required Resources" and "Plataform", if existent, should be properly describe here, without subsections.
 
  
In case of a "Exposure Period" section exists, it should be placed here as a subsection.
+
==Risk Factors==
Ex:<nowiki>===Exposure Period===</nowiki>
+
 
 +
* Talk about the [[OWASP Risk Rating Methodology|factors]] that make this threat agent likely or unlikely to attack
 +
* Be sure to discuss the size, motivation, capabilities, and opportunity of this threat agent
  
  
 
==Examples==
 
==Examples==
  
===Example 1===
+
; Short example name
 +
: One paragraph example description with [http://www.site.com links]
  
 +
; Short example name
 +
: One paragraph example description with [http://www.site.com links]
  
===Example n===
 
  
 +
==Related [[Attacks]]==
  
==Likelihood of exploitation==
+
* [[Attack 1]]
 +
* [[Attack 2]]
  
  
==Related Threats Agents==
+
==Related [[Vulnerabilities]]==
  
 +
* [[Vulnerability 1]]
 +
* [[Vulnerabiltiy 2]]
  
==Related Attacks==
+
Note: the contents of "Related Problems" sections should be placed here
  
  
==Related Vulnerabilities==
+
==Related [[Countermeasures]]==
PS: contents of "Related Problems" sections should be placed here
+
  
 +
* [[Countermeasure 1]]
 +
* [[Countermeasure 2]]
  
==Related Countermeasures==
+
Note: contents of "Avoidance and Mitigation" Sections should be placed here
PS: contents of "Avoidance and Mitigation" Sections should be placed here
+
 
 +
 
 +
==Related [[Technical Impacts]]==
 +
 
 +
* [[Technical Impact 1]]
 +
* [[Technical Impact 2]]
  
  
 
==References==
 
==References==
 +
 +
* http://www.link1.com
 +
* [http://www.link2.com Title for the link]
  
  
<nowiki>[[Category:XYZ]]</nowiki>
+
When the article is reviewed, the "Honeycomb" category can be removed and replaced with the "ASDR" category
 +
<nowiki>[[Category:OWASP Honeycomb Project]]</nowiki>
 +
<nowiki>[[Category:OWASP ASDR Project]]</nowiki>
  
<nowiki>[[Category:XPTO]]</nowiki>
+
__NOTOC__

Revision as of 23:25, 12 February 2008

Every Threat Agent should follow this template.

Description

A threat agent is a group of "attackers" that carry out an attack. They can be human (intentional or unintentional) or natural (flood, fire, etc...).

  1. Start with a one-sentence description of the threat agent
  2. Who are the people that make up this threat agent?
  3. Discuss characteristics of the threat agent.


Risk Factors

  • Talk about the factors that make this threat agent likely or unlikely to attack
  • Be sure to discuss the size, motivation, capabilities, and opportunity of this threat agent


Examples

Short example name
One paragraph example description with links
Short example name
One paragraph example description with links


Related Attacks


Related Vulnerabilities

Note: the contents of "Related Problems" sections should be placed here


Related Countermeasures

Note: contents of "Avoidance and Mitigation" Sections should be placed here


Related Technical Impacts


References


When the article is reviewed, the "Honeycomb" category can be removed and replaced with the "ASDR" category [[Category:OWASP Honeycomb Project]] [[Category:OWASP ASDR Project]]