ATTACK TYPES
 AUTHENTICATION

  • Brute Force

    An automated process of trial and error used to guess a person's user name, password, credit card number or cryptographic key.
  • Insufficient Authentication

    Access by an attacker to sensitive content of a web site that should have required proper authentication.
  • Weak Password Recovery Validation

    The ability of an attacker to illegally obtain, change or recover another user's password.

AUTHORIZATION

  • Credential/Session Prediction

    A method of hijacking or impersonating a web site user.
  • Insufficient Authorization

    The access of an attacker to sensitive content or functionality of a website that should require increased access control restrictions.
  • Insufficient Session Expiration

    Reuse by an attacker of old session credentials or session IDs to gain authorization.
  • Session Fixation

    An attack technique that forces a user's session ID to an explicit value.

CLIENT-SIDE ATTACKS

  • Content Spoofing

    An attack technique used to trick a user into believing that certain content appearing on a web site is legitimate and not from an external source.
  • Cross-site Scripting

    An attack technique that forces a web site to echo attacker-supplied executable code, which loads in a user's browser.

COMMAND EXECUTION

  • Buffer Overflow

    Attacks that alter the flow of an application by overwriting parts of memory.
  • Format String Attack

    Attacks that alter the flow of an application by using string formatting library features to access other memory space.
  • OS Commanding

    An attack technique used to exploit web sites by executing operating system commands through manipulation of application input.
  • SQL Injection / LDAP Injection

    Attacks used to exploit web sites that construct SQL / LDAP statements from user-supplied input.
  • SSI (Server-side Include) Injection

    A server-side exploit technique that allows an attacker to send code into a web application, which will later be executed locally by the web server.
  • XPath Injection

    An attack technique used to exploit web sites that construct XPath queries from user-supplied input.

INFORMATION DISCLOSURE

  • Automatic Directory Indexing

    Attackers' use of the web server's directory listing function, which lists all of the files within a requested directory when the normal base file is not present.
  • Information Leakage

    Attackers' use of a web site's disclosure of sensitive data, such as developer comments or error messages, to aid exploitation.
  • Path Traversal

    An attack technique that forces access to files, directories, and commands that potentially reside outside the web document root directory.
  • Predictable Resource Location

    An attack technique used to uncover hidden web site content and functionality.

LOGICAL ATTACKS

  • Abuse of Functionality

    An attack technique that uses a web site's own features and functionality to consume resources, defraud users, or circumvent access control mechanisms.
  • Denial of Service

    Denial of Service (DoS) is an attack technique with the intent of preventing a web site from serving normal user activity.
  • Insufficient Anti-automation

    Attackers' automation of processes that should only be performed manually.
  • Insufficient Process Validation

    Insufficient Process Validation is when a web site permits an attacker to bypass or circumvent the intended flow control of an application.

OTHER ATTACKS

  • HTTP Response Splitting
  • Web Server/Application Fingerprinting

Copyright © 2003-2006 BuyServer(s).Net