Open Web Application Security Project (OWASP)

Open Web Application Security Project (OWASP) is an open community which covers all the software security related issues and has also created a space to discuss regarding the same. For aiding such discussions OWASP has also established a shared vocabulary of automated threats. It has an Automated Threat Handbook which acts as a guide that classifies and also lists the topmost 20 automated threats. Threats are grouped in four major categories which are :

Account Credentials
Payment Cardholder Data
Vulnerability Identification
Automated threats

Top 20 Automated Threats are as follows :

Account Aggregation

In Account Aggregation, Account credentials and information gets compiled into a single system. This application can be used to combine account data from multiple applications on a single application

Account Creation

This allows user to create many accounts on a single application by using the native account sign-up process.

Credential cracking

This helps in identifying valid login credentials through brute force guessing attacks

Credential Stuffing

In this threat stolen credentials from other elsewhere are tried against other applications to login into the same.

Carding

This is used to find out valuable credit card information by weeding out invalid credit/debit information.

Card Cracking

This used brute force guess work to identify missing payment card information

Cashing Out

In cashing out attack occur by using stolen card information and stealing cash

Foot-printing

This screens an application and identifies all its URL paths, parameters and values and process sequences and finds out its vulnerabilities.

Vulnerability scanning

It examines all the content locations, paths, file names, parameters etc. in order to find vulnerabilities in the application.

Fingerprinting

It sends requests to applications and generate profile of its supporting software and application

Ad Fraud

This manipulates web advertisement clicks so as to increase click counts

CAPTCHA

It is used to crack captcha by using automation

Denial Of Service

It uses bots to exhaust an application’s resources. It uses its file system, memory, processes threads, CPU and other critical resources.

Expediting

It is an automated threat in which speed up mechanism is used to game an application for individual profit. It allows actors to progress faster through series of application processes.

Scalping

It uses a automation by which goods with limited availability is obtained through unfair means and others get deprived of their access to these products

Scraping

It mainly concentrates on collecting application data, including accessible data and other data like outputs from application processes.

Skewing

This is used for activities like increasing site visitor count etc to artificially inflate/ skew an application metric

Sniping

This is an automated threat in which it performs an action like auctioning in the last possible time thereby depriving others of their chance of winning.

Spamming

This is used to send illegitimate information to databases and user messages thereby boosting SEO or disseminating malware and other such purposes.

Token Cracking

It is used to win cash by identifying coupon numbers and voucher codes through brute force algorithms.