Tuesday, September 27, 2005

Threat Classfication

Classes of Attack


SQL Injection
LDAP Injection
Cross-site Scripting
Abuse of Functionality
Brute Force
Buffer Overflow
Content Spoofing
Credential/Session Prediction
Denial of Service
Directory Indexing
Format String Attack
Information Leakage
Insufficient Anti-automation
Insufficient Authentication
Insufficient Authorization
Insufficient Process Validation
Insufficient Session Expiration
OS Commanding
Path Traversal
Predictable Resource Location
Session Fixation
SSI Injection
Weak Password Recovery Validation
XPath Injection
Fingerprinting
HTTP Response Splitting

0 Comments:

Post a Comment

<< Home