
Threats and Attacks for Web Applications

- J.D. Meier, Paul Enfield.

Category                   Threats/Attacks
-------------------------  -----------------------------------------------------
Auditing and Logging       * User denies performing an operation (repudiation)
                           * Attacker exploits an application without leaving a trace
                           * Attacker covers their tracks by tampering with logs
Authentication             * Brute force attacks
                           * Cookie replay attacks
                           * Dictionary attacks
                           * Network eavesdropping
                           * Credential theft
Authorization              * Disclosure of confidential data
                           * Data tampering
                           * Elevation of privilege
                           * Luring attacks
Configuration Management   * Unauthorized access to configuration stores
                           * Retrieval of clear-text configuration secrets
                           * Lack of individual accountability (shared administrative accounts)
Cryptography               * Encryption cracking
                           * Loss or theft of decryption keys
Exception Management       * Revealing sensitive system or application details in error output
                           * Denial of service attacks
Input and Data Validation  * Cross-site request forgery (CSRF)
                           * Cookie manipulation
                           * Query string manipulation
                           * HTTP header manipulation
                           * Cross-site scripting (XSS)
                           * Buffer overflows
                           * SQL injection
                           * Canonicalization attacks
                           * Form field manipulation
Sensitive Data             * Accessing sensitive data in storage
                           * Network eavesdropping
                           * Information disclosure
Session Management         * Session hijacking
                           * Session replay
                           * Man-in-the-middle attacks
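The table lists attacks without showing what they look like in code. The following is an added example, not part of the original page or of the authors' material, illustrating two entries from the Input and Data Validation row: SQL injection via form field manipulation, and a canonicalization attack (path traversal) against a file download handler. Each vulnerable function is shown next to its hardened form. The in-memory SQLite table, the user records, the base directory `/srv/app/files` and the function names are all constructed for this demonstration.

```python
import os
import sqlite3
from urllib.parse import unquote


def make_db():
    """Constructed demo database: an in-memory users table with two rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, name, password):
    """SQL injection: attacker-controlled form fields are concatenated into the
    SQL text, so the string ' OR '1'='1 in the password field rewrites the WHERE
    clause to (name = 'alice' AND password = '') OR '1'='1' and matches every row."""
    sql = (
        "SELECT name, role FROM users WHERE name = '%s' AND password = '%s'"
        % (name, password)
    )
    return conn.execute(sql).fetchone()


def login_parameterized(conn, name, password):
    """Hardened form: the query text is fixed and the driver binds the values,
    so quote characters in the input never become SQL syntax."""
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()


def resolve_vulnerable(base_dir, user_path):
    """Canonicalization attack: ".." segments, or an absolute path (which makes
    os.path.join discard base_dir entirely), escape the intended directory."""
    return os.path.join(base_dir, user_path)


def resolve_safe(base_dir, user_path):
    """Hardened form: decode once, canonicalize to an absolute path (realpath
    also follows symlinks), then check that the result is still under base_dir.
    Checking the canonical form, not the raw input, is what defeats
    encoded or doubled separators such as %2e%2e/ or ....//."""
    base = os.path.realpath(base_dir)
    decoded = unquote(user_path)  # one decode pass; do not decode in a loop
    candidate = os.path.realpath(os.path.join(base, decoded))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory: %r" % user_path)
    return candidate


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, "alice", "' OR '1'='1"))
    print("parameterized:", login_parameterized(db, "alice", "' OR '1'='1"))
    print("vulnerable path:", resolve_vulnerable("/srv/app/files", "../../etc/passwd"))
    try:
        resolve_safe("/srv/app/files", "%2e%2e/%2e%2e/etc/passwd")
    except ValueError as exc:
        print("rejected:", exc)
```

With the constructed data, `login_vulnerable` returns a row for a password of `' OR '1'='1`, while `login_parameterized` returns `None` for the same input; `resolve_vulnerable` happily yields `/srv/app/files/../../etc/passwd`, while `resolve_safe` raises for both the plain and the percent-encoded traversal and accepts an ordinary relative path under the base directory.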

Last edited May 20, 2010 at 8:27 PM by paulenfield, version 2
