Automated threat
From Wikipedia the free encyclopedia
| Part of a series on |
| Automation |
|---|
 |
| Automation in general |
| Robotics and robots |
| Impact of automation |
| Trade shows and awards |
An automated threat is a type of computer security threat to a computer network or web application, characterised by the malicious use of automated tools such as Internet bots.[1] Automated threats are popular on the internet as they can complete large amounts of repetitive tasks with almost no cost to execute.[2]
Threat ontology[edit]
The OWASP Automated Threat Handbook provides a threat ontology list for classifying automated threats, which are enumerated below.
| Identity Code | Name | Defining characteristics |
|---|---|---|
| OAT-020 | Account Aggregation | Use by an intermediary application that collects together multiple accounts and interacts on their behalf |
| OAT-019 | Account Creation | Create multiple accounts for subsequent misuse |
| OAT-003 | Ad Fraud | False clicks and fraudulent display of web-placed advertisements |
| OAT-009 | CAPTCHA Bypass | Solve anti-automation tests |
| OAT-001 | Carding | Multiple payment authorisation attempts used to verify the validity of bulk stolen payment card data |
| OAT-010 | Card Cracking | Identify missing start/expiry dates and security codes for stolen payment card data by trying different values |
| OAT-012 | Cashing Out | Buy goods or obtain cash utilising validated stolen payment card or other user account data |
| OAT-007 | Credential Cracking | Identify valid login credentials by trying different values for usernames and/or passwords |
| OAT-015 | Denial of Service | Target resources of the application and database servers, or individual user accounts, to achieve denial of service (DoS) |
| OAT-006 | Expediting | Perform actions to hasten progress of usually slow, tedious or time-consuming actions |
| OAT-004 | Fingerprinting | Elicit information about the supporting software and framework types and versions |
| OAT-018 | Footprinting | Probe and explore application to identify its constituents and properties |
| OAT-005 | Scalping | Obtain limited-availability and/or preferred goods/services by unfair methods |
| OAT-011 | Scraping | Collect application content and/or other data for use elsewhere |
| OAT-016 | Skewing | Repeated link clicks, page requests or form submissions intended to alter some metric |
| OAT-013 | Sniping | Last minute bid or offer for goods or services |
| OAT-017 | Spamming | Malicious or questionable information addition that appears in public or private content, databases or user messages |
| OAT-002 | Token Cracking | Mass enumeration of coupon numbers, voucher codes, discount tokens, etc. |
| OAT-014 | Vulnerability Scanning | Crawl and fuzz application to identify weaknesses and possible vulnerabilities |
References[edit]
- ^ Watson, Colin (2015-10-26). "OWASP Automated Threat Handbook" (PDF). OWASP. OWASP. Retrieved 2016-09-10.
- ^ "Security Insights: Defending Against Automated Threats | SecurityWeek.Com". www.securityweek.com. Retrieved 2016-09-18.