An automated threat is a type of computer security threat to a computer network or web application, characterised by the malicious use of automated tools such as Internet bots. Automated threats are popular on the internet because they can complete large numbers of repetitive tasks at almost no cost.
Threat ontology
The OWASP Automated Threat Handbook provides a threat ontology list for classifying automated threats, which are enumerated below.
Identity Code | Name | Defining characteristics |
---|---|---|
OAT-020 | Account Aggregation | Use by an intermediary application that collects together multiple accounts and interacts on their behalf |
OAT-019 | Account Creation | Create multiple accounts for subsequent misuse |
OAT-003 | Ad Fraud | False clicks and fraudulent display of web-placed advertisements |
OAT-009 | CAPTCHA Bypass | Solve anti-automation tests |
OAT-001 | Carding | Multiple payment authorisation attempts used to verify the validity of bulk stolen payment card data |
OAT-010 | Card Cracking | Identify missing start/expiry dates and security codes for stolen payment card data by trying different values |
OAT-012 | Cashing Out | Buy goods or obtain cash utilising validated stolen payment card or other user account data |
OAT-007 | Credential Cracking | Identify valid login credentials by trying different values for usernames and/or passwords |
OAT-015 | Denial of Service | Target resources of the application and database servers, or individual user accounts, to achieve denial of service (DoS) |
OAT-006 | Expediting | Perform actions to hasten progress of usually slow, tedious or time-consuming actions |
OAT-004 | Fingerprinting | Elicit information about the supporting software and framework types and versions |
OAT-018 | Footprinting | Probe and explore application to identify its constituents and properties |
OAT-005 | Scalping | Obtain limited-availability and/or preferred goods/services by unfair methods |
OAT-011 | Scraping | Collect application content and/or other data for use elsewhere |
OAT-016 | Skewing | Repeated link clicks, page requests or form submissions intended to alter some metric |
OAT-013 | Sniping | Last minute bid or offer for goods or services |
OAT-017 | Spamming | Malicious or questionable information addition that appears in public or private content, databases or user messages |
OAT-002 | Token Cracking | Mass enumeration of coupon numbers, voucher codes, discount tokens, etc. |
OAT-014 | Vulnerability Scanning | Crawl and fuzz application to identify weaknesses and possible vulnerabilities |
References
- Watson, Colin (2015-10-26). "OWASP Automated Threat Handbook" (PDF). OWASP. Retrieved 2016-09-10.
- "Security Insights: Defending Against Automated Threats | SecurityWeek.Com". www.securityweek.com. Retrieved 2016-09-18.