English Wikipedia: Automated threat

From the Online Reference
Revision as of 11:22, 4 February 2024, by EducationBot (new page)

An automated threat is a type of computer security threat to a computer network or web application, characterised by the malicious use of automated tools such as Internet bots.[1] Automated threats are popular on the internet because they can complete large numbers of repetitive tasks at almost no cost to execute.[2]

Threat ontology

The OWASP Automated Threat Handbook provides a threat ontology list for classifying automated threats, which are enumerated below.

| Identity Code | Name | Defining characteristics |
|---|---|---|
| OAT-020 | Account Aggregation | Use by an intermediary application that collects together multiple accounts and interacts on their behalf |
| OAT-019 | Account Creation | Create multiple accounts for subsequent misuse |
| OAT-003 | Ad Fraud | False clicks and fraudulent display of web-placed advertisements |
| OAT-009 | CAPTCHA Bypass | Solve anti-automation tests |
| OAT-001 | Carding | Multiple payment authorisation attempts used to verify the validity of bulk stolen payment card data |
| OAT-010 | Card Cracking | Identify missing start/expiry dates and security codes for stolen payment card data by trying different values |
| OAT-012 | Cashing Out | Buy goods or obtain cash utilising validated stolen payment card or other user account data |
| OAT-007 | Credential Cracking | Identify valid login credentials by trying different values for usernames and/or passwords |
| OAT-015 | Denial of Service | Target resources of the application and database servers, or individual user accounts, to achieve denial of service (DoS) |
| OAT-006 | Expediting | Perform actions to hasten progress of usually slow, tedious or time-consuming actions |
| OAT-004 | Fingerprinting | Elicit information about the supporting software and framework types and versions |
| OAT-018 | Footprinting | Probe and explore application to identify its constituents and properties |
| OAT-005 | Scalping | Obtain limited-availability and/or preferred goods/services by unfair methods |
| OAT-011 | Scraping | Collect application content and/or other data for use elsewhere |
| OAT-016 | Skewing | Repeated link clicks, page requests or form submissions intended to alter some metric |
| OAT-013 | Sniping | Last minute bid or offer for goods or services |
| OAT-017 | Spamming | Malicious or questionable information addition that appears in public or private content, databases or user messages |
| OAT-002 | Token Cracking | Mass enumeration of coupon numbers, voucher codes, discount tokens, etc. |
| OAT-014 | Vulnerability Scanning | Crawl and fuzz application to identify weaknesses and possible vulnerabilities |
