OWASP Automated Threats

[vc_row][vc_column width=”1/2″][st_heading title=”Open Web Application Security Project (OWASP)”][/st_heading][vc_column_text]Open Web Application Security Project (OWASP) is an open community which covers all the software security related issues and has also created a space to discuss regarding the same. For aiding such discussions OWASP has also established a shared vocabulary of automated threats. It has an Automated Threat Handbook which acts as a guide that classifies and also lists the topmost 20 automated threats. Threats are grouped in four major categories which are :

Account Credentials
Payment Cardholder Data
Vulnerability Identification
Automated threats

Top 20 Automated Threats are as follows :

buy disulfiram online uk Account Aggregation

In Account Aggregation, Account credentials and information gets compiled into a single system. This application can be used to combine account data from multiple applications on a single application

can i buy Pregabalin online Account Creation

This allows user to create many accounts on a single application by using the native account sign-up process.

Credential cracking

This helps in identifying valid login credentials through brute force guessing attacks

Credential Stuffing

In this threat stolen credentials from other elsewhere are tried against other applications to login into the same.


This is used to find out valuable credit card information by weeding out invalid credit/debit information.

Card Cracking

This used brute force guess work to identify missing payment card information

Cashing Out

In cashing out attack occur by using stolen card information and stealing cash


This screens an application and identifies all its URL paths, parameters and values and process sequences and finds out its vulnerabilities.

Vulnerability scanning

It examines all the content locations, paths, file names, parameters etc. in order to find vulnerabilities in the application.[/vc_column_text][/vc_column][vc_column width=”1/2″][vc_single_image image=”4006″ img_size=”full” css_animation=”zoomIn”][vc_column_text]Fingerprinting

It sends requests to applications and generate profile of its supporting software and application

Ad Fraud

This manipulates web advertisement clicks so as to increase click counts


It is used to crack captcha by using automation

Denial Of Service

It uses bots to exhaust an application’s resources. It uses its file system, memory, processes threads, CPU and other critical resources.


It is an automated threat in which speed up mechanism is used to game an application for individual profit. It allows actors to progress faster through series of application processes.


It uses a automation by which goods with limited availability is obtained through unfair means and others get deprived of their access to these products


It mainly concentrates on collecting application data, including accessible data and other data like outputs from application processes.


This is used for activities like increasing site visitor count etc to artificially inflate/ skew an application metric


This is an automated threat in which it performs an action like auctioning in the last possible time thereby depriving others of their chance of winning.


This is used to send illegitimate information to databases and user messages thereby boosting SEO or disseminating malware and other such purposes.

Token Cracking

It is used to win cash by identifying coupon numbers and voucher codes through brute force algorithms.[/vc_column_text][/vc_column][/vc_row]