Application Threats / Attacks
According to the patterns & practices Improving Web Application Security book, the following are classes of common application security threats / attacks:
Category | Threats / Attacks |
---|---|
Input Validation | Buffer overflow; cross-site scripting; SQL injection; canonicalization |
Authentication | Network eavesdropping; brute force attack; dictionary attacks; cookie replay; credential theft |
Authorization | Elevation of privilege; disclosure of confidential data; data tampering; luring attacks |
Configuration management | Unauthorized access to administration interfaces; unauthorized access to configuration stores; retrieval of clear text configuration data; lack of individual accountability; over-privileged process and service accounts |
Sensitive information | Access sensitive data in storage; network eavesdropping; data tampering |
Session management | Session hijacking; session replay; man in the middle |
Cryptography | Poor key generation or key management; weak or custom encryption |
Parameter manipulation | Query string manipulation; form field manipulation; cookie manipulation; HTTP header manipulation |
Exception management | Information disclosure; denial of service |
Auditing and logging | User denies performing an operation; attacker exploits an application without trace; attacker covers his or her tracks |