Application Threats / Attacks
According to the patterns & practices Improving Web Application Security book, the following are classes of common application security threats / attacks:
| Category | Threats / Attacks |
|---|---|
| Input Validation | Buffer overflow; cross-site scripting; SQL injection; canonicalization |
| Authentication | Network eavesdropping; brute force attack; dictionary attacks; cookie replay; credential theft |
| Authorization | Elevation of privilege; disclosure of confidential data; data tampering; luring attacks |
| Configuration management | Unauthorized access to administration interfaces; unauthorized access to configuration stores; retrieval of clear text configuration data; lack of individual accountability; over-privileged process and service accounts |
| Sensitive information | Access sensitive data in storage; network eavesdropping; data tampering |
| Session management | Session hijacking; session replay; man in the middle |
| Cryptography | Poor key generation or key management; weak or custom encryption |
| Parameter manipulation | Query string manipulation; form field manipulation; cookie manipulation; HTTP header manipulation |
| Exception management | Information disclosure; denial of service |
| Auditing and logging | User denies performing an operation; attacker exploits an application without trace; attacker covers his or her tracks |