Open Web Application Security Project (OWASP)
Open Web Application Security Project (OWASP) is an open community that covers software security issues and provides a space to discuss them. To aid such discussions, OWASP has established a shared vocabulary of automated threats. Its Automated Threat Handbook is a guide that classifies and lists the top 20 automated threats. Threats are grouped into four major categories, which are:
Payment Cardholder Data
The top 20 automated threats are as follows:
In Account Aggregation, account credentials and information are compiled into a single system. An application can use this to combine account data from multiple applications in a single application.
This allows a user to create many accounts on a single application by using the native account sign-up process.
This helps in identifying valid login credentials through brute-force guessing attacks.
In this threat, credentials stolen from elsewhere are tried against other applications in order to log in to them.
This is used to find out valuable credit card information by weeding out invalid credit/debit information.
This uses brute-force guesswork to identify missing payment card information.
In cashing out, the attack uses stolen card information to steal cash.
This screens an application and identifies all its URL paths, parameters and values and process sequences and finds out its vulnerabilities.
It examines all the content locations, paths, file names, parameters etc. in order to find vulnerabilities in the application.
It sends requests to applications and generates a profile of the application and its supporting software.
This manipulates web advertisement clicks so as to increase click counts.
It is used to crack CAPTCHAs by using automation.
Denial Of Service
It uses bots to exhaust an application’s resources, such as its file system, memory, processes, threads, CPU and other critical resources.
It is an automated threat in which a speed-up mechanism is used to game an application for individual profit. It allows actors to progress faster through a series of application processes.
It uses automation to obtain goods with limited availability through unfair means, so that others are deprived of access to these products.
It mainly concentrates on collecting application data, including accessible data and other data like outputs from application processes.
This is used for activities such as increasing a site's visitor count in order to artificially inflate or skew an application metric.
This is an automated threat that performs an action, such as in an auction, at the last possible moment, thereby depriving others of their chance of winning.
This is used to send illegitimate information to databases and user messages, for purposes such as boosting SEO or disseminating malware.
It is used to win cash by identifying coupon numbers and voucher codes through brute force algorithms.
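The two credential threats described above (brute-force guessing of login credentials, and replay of credentials stolen elsewhere) leave different failed-login patterns, which a defender can separate per source address. The following is an added example, not code from OWASP or from this page; the log format, thresholds and function name are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed log format (constructed for this example):
#   <timestamp> ip=<source> user=<account> result=<ok|fail>
LINE_RE = re.compile(r"ip=(\S+) user=(\S+) result=(ok|fail)")

def classify_sources(lines, min_failures=6, max_tries_per_user=2):
    """Label each source IP by the shape of its failed logins.

    - few accounts, many guesses each  -> brute-force guessing (cracking)
    - many accounts, 1-2 tries each    -> stolen pairs replayed (stuffing)
    Thresholds are illustrative assumptions; tune them on real traffic.
    """
    failed = defaultdict(lambda: defaultdict(int))  # ip -> user -> failures
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore malformed or unrelated lines
        ip, user, result = m.groups()
        if result == "fail":
            failed[ip][user] += 1

    labels = {}
    for ip, users in failed.items():
        total = sum(users.values())
        if total < min_failures:
            labels[ip] = "normal"  # e.g. a user mistyping a password
        elif total / len(users) <= max_tries_per_user:
            labels[ip] = "credential-stuffing"
        else:
            labels[ip] = "credential-cracking"
    return labels

# Constructed sample log: one guessing source, one replay source, one user.
SAMPLE_LOG = (
    [f"2024-05-01T10:00:{i:02d}Z ip=203.0.113.7 user=admin result=fail"
     for i in range(8)]
    + [f"2024-05-01T10:01:{i:02d}Z ip=198.51.100.9 user=user{i} result=fail"
       for i in range(8)]
    + ["2024-05-01T10:02:00Z ip=192.0.2.4 user=alice result=fail",
       "2024-05-01T10:02:09Z ip=192.0.2.4 user=alice result=ok",
       "line without the expected fields"]
)

if __name__ == "__main__":
    for ip, label in sorted(classify_sources(SAMPLE_LOG).items()):
        print(ip, label)
```

Grouping by source IP alone misses attacks spread across many addresses, so the same counting can be repeated per target account or per client fingerprint.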