OWASP Automated Threats to Web Applications Summary of Research for Ontology (Threats and Attacks, with Some Vulnerabilities and Outcomes)

Home , Carding (fraud)

OWASP Automated Threats to Web Applications Summary of research for ontology (threats and attacks, with some vulnerabilities and outcomes) ...... OWASP Automated Threats to Web Applic...... ations Project

Ticket Scalping

Auction Sniping Restaurant Booking Reservation Systems Speed Booking

Junk Mail Spam Sale Another Form to Email Queue Stampede Network Application Spam Sniping & Jumping Enumeration Data Modification Scalping Spoiler Coupon/Voucher/ Vulnerability Sniffing Physical Discount Enumeration Scanning Reputation Form to SMS World Check Spam Reverse Effects Lookup Attack Game Hacking Vulnerability Internal System Scanning Network Phishing Ping Enumeration Denial of Service Back Bitcoin Anti-Spam Form Prize Draws Mining Cheating Check DoS Hijacking Bot Bot Reverse Shell DNS Amplification Purchasing Spamming Proxy Network Command & Amplification SMTP Control Server Attack (490) Amplification Denial of Service External System Game Playing NTP Client Amplification Application Process Trading Automation

Betting Anti-Automation Bypass

Price Bargain Gold Farming Hit Counts Monitoring Hunting Server Application

Adverts Adverts

CAPTCHA Click Breaking Impression Fraud Application Fraud Likes & Response/Blog/ Favourites Attack Comment Spam Platform

Plugin System Component Biasing Complaints Theme Generation Metrics Vulnerable Survey Third-Party Micro Component Refunds Fraud Consultations Hosted Content Deposits Host Payment Diversion Changed Polls Affilliate Reflection Server Code Injection Revenue Collecting Redirection Voting Auto Binding Money Refunds Election

Unauthorised Cancelations Warez Application eShopLifting SMS

IFrame Distribution Returns Misuse as a Cashing Email Distribution Unauthorised Fraud Pricing File Store Fake Out (162) Channel Spam Malware Account Account Opponent Content Lockout (2) Disruption Advertisements Addition Operator Ransomware Photographs and Videos Carding Application Undermine Application Imagecrash Reputation History Payment Stolen Tampering User Card Abuse Excessive Assets Worm User-Specific Anti-Fraud Add/Change Brute Forcing Measures Child DoS Abuse User Generated Data Enhance Gain Reputation Content Malicious Memory Fame Malicious Software Modification Cache Software Download Poisoning Boy in the Dilute/Hide Update (185) Influence Browser Others' Untrusted Others (186) Posts Code Search Advert Referrer Cause Engine Mischief Blacklisting Injection Change Spam SEO Functional Elevation Malware Speed Uptime Non-Functional Sold Out Automated Posts Black Hat Allocation Black Hat SEM Man-in-the Gone SEO Link Web Browser Checking Browser Testing Account Tools (211) Chargeback Sevice/Goods Hijacking Disruption DoS DoS Brute-Force Monitoring (49) Spoofed or Cracked Blacklisting Automated Social Login Disablement Auditing Dictionary Client Internet Function Code Injection Mappers Abuse Usernames Loop Guessing Cracking Counter Form Logins Tampering Search Engine Slashdot Alerting Tools Search Engines Traffic Effect Object Permissions Business Creation Abuse Shared Data Spikes Control by Passwords HTML Logic DoS User Input Inventory Password Session Injection (124) Social Media Authentication Size Recovery Hijacking Search Engine Bots & Service (50) Bypass Configuration Crawl Agents Acts of God Poor File Malicious Data Upload Feed Configuration Resource Software Locking Credential Modification Fetcher Parameter Implanted Marketing Parameter Search Engine Inefficient Tampering Names Backdoor Code/Queries Hash DoS Stuffing (439) Impersonation Data Parameter Parsing System Account Bandwidth Regular Expression Trademarks Forceful Browsing Values Credential Theft Credentials Application Auto Stealing Exponential Blowup Files and Directories Fuzzing (492) Modification Binding (87) (113) Sustained Client SOAP Array Forced Intellectual RIA Policy Application Methods Engagement (227) Blowup (493) Deadlock (25) Failure to Property Theft Abuse Reflection Release Resources Analysis Injection XML Entity Resource Excessive Harvesting/ Debug and Exposed Expansion Session Data Testing Options Reflection Copyright Theft Authentication & Exhaustion Trade API and Micro-Service (133) XML Attribute Secrets Session Management Indexing Blowup Discovery (179) Analysis Denial Of Reverse WDSL Service Layer 7 Database Buffer Scanning (95) Site Masquerading Read/Write Business Cryptanalysis Engineering Application DoS Overflow Information Theft (97) Cyber Squatting (188, 189, 192) Memory Application Server Scanning Resource DoS Monitor Temporary Memory Files (155) DNS Spoofing (130) Memory Threads Examine Logic Memory Leak (131) Dev/Test DNS Update Corruption (124) Systems DNS Processes Memory Source Code (121) Scraping DNS Query Attacks Extraction XML (167) Flood Database Asset Intermediary CPU Scraping Extraction Language DNS Transfer Translation Content XML Entity Content Scraping Expansion (197) XML Attribute Cache Blowup (229) Web Application Web Pharming Firewall (WAF) XML Ping Scraping Device-Specific Account of Death (147) Rendering Aggregation AppSensor XML Quadratic XML Entity Social Expansion (491) Blowup (201) User Generated Powering Networks File Content (Files) Media API System

Scraping Public Financial Temporary Files Comparison Information Portfolios Selling Defence Sites Counterfeit Goods DoS Human Resources Disk Caching Trojans & Financial Toolkits Transactions Logs Feed Operating System Fetchers Duplicated Transaction Delivery Data Aggregation Application Cost Charges Costs Social Media Escalation Bots & Service Agents

Cloud Security Service Provider IT Service Indexers & Approved Pagejacking Provider Charges Competitors Search Crawlers Aggregators Auto-Scaling Other Security Cloud Services Researchers Phishing Service Provider 'Cash Overflow' Third-Party Hosted Personal Service Data Misuse Bandwidth Content Distribution Data Network Mining Spear Phishing Third Party Grooming Reidentification DoS Third-Party Attack Hosted Content Individual Layer 7 HTTP DoS

Bullying Privacy Cookie Violation Accuracy Stuffing Degradation

Browser/Device Fingerprinting User Tracking Illegitamage Personal Data Virtual SSL Processing Locations Flood Evercookie Mass (489) (464) Surveillance Physical Locations Uncolicited Communications Search History HTTP Target Acquisition/ Flood Attacks Fingerprinting (170) (448)

Fiat Money Weakness Identification & Exploitation HEAD GET POST PUSH Flood Flood Flood Flood

Credit Footprinting (169)

Online & Financial Instruments Random URL Simple Recursive Random Search Offline Scams Personal Asset Theft HTTP Customer/ Personal Exploitation Browser Client/Citizen Reputation Vulnerability Verification Man-on-the-Side Theft Data Theft History Slow Attacks LOIC Scanning (116)

Criminal Email Address Status Active Harvesting Identity Financial Passive Fraud Virtual Assets Score Medical Slow GET Slow POST Slowloris Slow HEAD Slow Read

Account Virtual Currency Account Credential Username Theft Identity Harvesting Awards and Points Railgun Theft Physical Identity Illegal Assets Immigration Vulnerability Exploitation Trafficking

Social Media Human Identity Cloning Attack Trafficking Persistence

Drug Endangered Species Trafficking Trafficking

Open Redirect Client Server Application Client Access Application Trojaning

Defacement

Client-Side CORSjacking & Directory Local File Remote File CORS SQL Widget & Gadget XSS CSRF Remote File ClickJacking Traversal Include Include Abuse Injection Abuse Include Content Web Sockets Web Storage & Web Messaging & Web Cache Cross-Site SQL Spoofing Abuse DOM Extraction Workers Injection Poisoning CSRF Posting Injection OS Command Injection

HTML Text injection Injection

v1.00 https://www.owasp.org/index.php/OWASP_Automated_Threats_to_Web_Applications