Application Threats / Attacks
According to the patterns & practices Improving Web Application Security book, the following are classes of common application security threats / attacks:
| Category | Threats / Attacks |
|---|---|
| Input Validation | Buffer overflow; cross-site scripting; SQL injection; canonicalization |
| Authentication | Network eavesdropping ; Brute force attack; dictionary attacks; cookie replay; credential theft |
| Authorization | Elevation of privilege; disclosure of confidential data; data tampering; luring attacks |
| Configuration management | Unauthorized access to administration interfaces; unauthorized access to configuration stores; retrieval of clear text configuration data; lack of individual accountability; over-privileged process and service accounts |
| Sensitive information | Access sensitive data in storage; network eavesdropping; data tampering |
| Session management | Session hijacking; session replay; man in the middle |
| Cryptography | Poor key generation or key management; weak or custom encryption |
| Parameter manipulation | Query string manipulation; form field manipulation; cookie manipulation; HTTP header manipulation |
| Exception management | Information disclosure; denial of service |
| Auditing and logging | User denies performing an operation; attacker exploits an application without trace; attacker covers his or her tracks |
Read more about this topic: Application Security
Famous quotes containing the words application, threats and/or attacks:
“I think that a young state, like a young virgin, should modestly stay at home, and wait the application of suitors for an alliance with her; and not run about offering her amity to all the world; and hazarding their refusal.... Our virgin is a jolly one; and tho at present not very rich, will in time be a great fortune, and where she has a favorable predisposition, it seems to me well worth cultivating.”
—Benjamin Franklin (1706–1790)
“Southerners, whose ancestors a hundred years ago knew the horrors of a homeland devastated by war, are particularly determined that war shall never come to us again. All Americans understand the basic lessons of history: that we need to be resolute and able to protect ourselves, to prevent threats and domination by others.”
—Jimmy Carter (James Earl Carter, Jr.)
“The rebel, unlike the revolutionary, does not attempt to undermine the social order as a whole. The rebel attacks the tyrant; the revolutionary attacks tyranny. I grant that there are rebels who regard all governments as tyrannical; nonetheless, it is abuses that they condemn, not power itself. Revolutionaries, on the other hand, are convinced that the evil does not lie in the excesses of the constituted order but in order itself. The difference, it seems to me, is considerable.”
—Octavio Paz (b. 1914)