Misplaced Pages

Automated threat

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
(Redirected from Automated Threat)
Part of a series on
Automation
Automation in general
Robotics and robots
Impact of automation
Trade shows and awards

An automated threat is a type of computer security threat to a computer network or web application, characterised by the malicious use of automated tools such as Internet bots. Automated threats are popular on the internet as they can complete large amounts of repetitive tasks with almost no cost to execute.

Threat ontology

The OWASP Automated Threat Handbook provides a threat ontology list for classifying automated threats, which are enumerated below.

Identity Code Name Defining characteristics
OAT-020 Account Aggregation Use by an intermediary application that collects together multiple accounts

and interacts on their behalf

OAT-019 Account Creation Create multiple accounts for subsequent misuse
OAT-003 Ad Fraud False clicks and fraudulent display of web-placed advertisements
OAT-009 CAPTCHA Bypass Solve anti-automation tests
OAT-001 Carding Multiple payment authorisation attempts used to verify the validity of bulk

stolen payment card data

OAT-010 Card Cracking Identify missing start/expiry dates and security codes for stolen payment card

data by trying different values

OAT-012 Cashing Out Buy goods or obtain cash utilising validated stolen payment card or other user

account data

OAT-007 Credential Cracking Identify valid login credentials by trying different values for usernames and/or

passwords

OAT-015 Denial of Service Target resources of the application and database servers, or individual user

accounts, to achieve denial of service (DoS)

OAT-006 Expediting Perform actions to hasten progress of usually slow, tedious or time-consuming

actions

OAT-004 Fingerprinting Elicit information about the supporting software and framework types and

versions

OAT-018 Footprinting Probe and explore application to identify its constituents and properties
OAT-005 Scalping Obtain limited-availability and/or preferred goods/services by unfair methods
OAT-011 Scraping Collect application content and/or other data for use elsewhere
OAT-016 Skewing Repeated link clicks, page requests or form submissions intended to alter some

metric

OAT-013 Sniping Last minute bid or offer for goods or services
OAT-017 Spamming Malicious or questionable information addition that appears in public or

private content, databases or user messages

OAT-002 Token Cracking Mass enumeration of coupon numbers, voucher codes, discount tokens, etc.
OAT-014 Vulnerability Scanning Crawl and fuzz application to identify weaknesses and possible vulnerabilities

References

  1. Watson, Colin (2015-10-26). "OWASP Automated Threat Handbook" (PDF). OWASP. OWASP. Retrieved 2016-09-10.
  2. "Security Insights: Defending Against Automated Threats | SecurityWeek.Com". www.securityweek.com. Retrieved 2016-09-18.
Categories: