Application Threats / Attacks
According to the patterns & practices Improving Web Application Security book, the following are classes of common application security threats / attacks:
Category | Threats / Attacks |
---|---|
Input Validation | Buffer overflow; cross-site scripting; SQL injection; canonicalization |
Authentication | Network eavesdropping; brute force attack; dictionary attacks; cookie replay; credential theft |
Authorization | Elevation of privilege; disclosure of confidential data; data tampering; luring attacks |
Configuration management | Unauthorized access to administration interfaces; unauthorized access to configuration stores; retrieval of clear text configuration data; lack of individual accountability; over-privileged process and service accounts |
Sensitive information | Access sensitive data in storage; network eavesdropping; data tampering |
Session management | Session hijacking; session replay; man in the middle |
Cryptography | Poor key generation or key management; weak or custom encryption |
Parameter manipulation | Query string manipulation; form field manipulation; cookie manipulation; HTTP header manipulation |
Exception management | Information disclosure; denial of service |
Auditing and logging | User denies performing an operation; attacker exploits an application without trace; attacker covers his or her tracks |