Open Web Application Security Project (OWASP)
The Open Web Application Security Project (OWASP) is an open community that covers software security issues and provides a space to discuss them. To aid such discussions, OWASP has established a shared vocabulary of automated threats. Its Automated Threat Handbook serves as a guide that classifies and lists the top 20 automated threats. The threats are grouped into four major categories:
Account Credentials
Payment Cardholder Data
Vulnerability Identification
Automated threats
The top 20 automated threats are as follows:
Account Aggregation
In account aggregation, account credentials and information are compiled into a single system. Such an application can be used to combine account data from multiple applications in a single application.
Account Creation
This allows a user to create many accounts on a single application by using the native account sign-up process.
Credential cracking
This helps identify valid login credentials through brute-force guessing attacks.
Credential Stuffing
In this threat, credentials stolen from elsewhere are tried against other applications in order to log in to them.
Carding
This is used to find valuable credit card information by weeding out invalid credit/debit information.
Card Cracking
This uses brute-force guesswork to identify missing payment card information.
Cashing Out
In a cashing out attack, stolen card information is used to steal cash.
Foot-printing
This screens an application to identify all its URL paths, parameters and values, and process sequences, and to find its vulnerabilities.
Vulnerability scanning
It examines all the content locations, paths, file names, parameters, etc., in order to find vulnerabilities in the application.
Fingerprinting
It sends requests to applications and generates a profile of the supporting software and the application.
Ad Fraud
This manipulates web advertisement clicks so as to increase click counts.
CAPTCHA
It is used to crack CAPTCHAs by using automation.
Denial Of Service
It uses bots to exhaust an application's resources, using up its file system, memory, processes, threads, CPU and other critical resources.
Expediting
It is an automated threat in which a speed-up mechanism is used to game an application for individual profit. It allows actors to progress faster through a series of application processes.
Scalping
It uses automation to obtain goods with limited availability through unfair means, depriving others of access to these products.
Scraping
It mainly concentrates on collecting application data, including accessible data and other data like outputs from application processes.
Skewing
This is used for activities such as increasing a site's visitor count to artificially inflate or skew an application metric.
Sniping
This is an automated threat that performs an action, such as bidding in an auction, at the last possible moment, thereby depriving others of their chance of winning.
Spamming
This is used to send illegitimate information to databases and user messages, for purposes such as boosting SEO or disseminating malware.
Token Cracking
It is used to win cash by identifying coupon numbers and voucher codes through brute-force algorithms.