Attack / Abuse / Vulnerability



Abuse

Abuse detection mechanisms are generally based on: rate limiting, behavioral analysis or machine learning, i.e. scoring every request by how different it is from the baseline, a sort of bot score fo...

Badbot

... Bad bots are robots / users (attackers) with bad intentions. Usage: they walk through pages trying to find forms and to fill them, trying: to send email in mass, to create a fake account (to be abl...

Brute

A brute force attack is another word for password guessing. This is a brute attack. List: Protection, Firewall, Password, Strong password, Wait time after false attempt

Clickjacking

A page that provides users with an interface to perform actions that the user might not wish to perform needs to be designed so as to avoid the possibility that users can be tricked into activating th...

Csrf

A Cross-site request forgery (CSRF) is: an HTTP request made by real users unknowingly, with the help of the browser, from a website to another target website (i.e. making the request cross-site or ...

Ddos

Denial of Service attacks (DDoS). About: The goal of a denial-of-service attack is to send requests to a server that will bring it down. The requests that need a lot of CPU are the most vulnerable (su...

Fake

Web Security - Fake Form Submission (Signup, ...). About: Spam or fake form submissions can be made by: * a bot (spambot) * a human. Example of forms: * newsletter sign-up * account sign-up...

Image Bomb

An image bomb is a DDoS attack that targets image APIs. Image processing is quite heavy and the server CPU will be overwhelmed pretty quickly, and if the result is cached, the storage may go up pretty q...

Injection

An injection attack is when the attacker passes to a program, via its input, some code that: modifies the behavior or is executed. Articles Related

Password Guessing

Password guessing is a common type of security attack. In this type of attack, a hacker attempts to log in to a computer using various combinations of usernames and passwords. The best method to prev...

Rainbow

A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Rainbow tables are one tool that has been developed to derive a password by loo...

Session Fixation

A session fixation attack proceeds in three steps. First, the attacker transplants a session identifier from his or her user agent to the victim's user agent. Second, the victim uses that session id...

Software

In order to assess the security of an application, security testing software is used and may act as: workload generator, forward proxy

Sql Injection

When the program creates SQL statements with some input, an SQL injection attack can modify the SQL behavior by injecting (i.e. modifying it with) a piece of SQL in the input. Articles Related. Example: Below is an...

Xss

Cross-site scripting (XSS) is an injection security vulnerability that happens when external JavaScript code is injected into the page via user input. Injected JavaScript can then steal authentication to...
