DOCSLIB.ORG

Automated Threat Handbook Web Applications

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Automated Threat Handbook Web Applications ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ...............................................................................................................................OWASP ............................................................................................................................... ...............................................................................................................................Automated Threat Handbook ............................................................................................................................... ...............................................................................................................................Web Applications ............................................................................................................................... ............................................................................................................................... ...............................................................................................................................Version 1.2 ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... ............................................................................................................................... OWASP Automated Threat Handbook Web Applications .......................................................................................................................................... ...................................................................................................................................................... Open Web Application Security Project .......................................................................................................................................... OWASP Automated Threat Handbook Web Applications The OWASP Automated Threat Handbook provides actionable information and resources to help defend against automated threats to web applications Authors Colin Watson and Tin Zaw Project Reviewers Igor Andriushchenko, Gabriel Mendez Justiniano and Matt Tesauro Other Project Contributors Jason Chan, Mark Hall, Andrew van der Stock and Roland Weber, everyone else who contributed information anonymously, and the authors of the referenced information sources; v1.2: Sumit Agarwal and Omri Iluz Version 1.2 published 15th February 2018 ISBN 978-1-329-42709-9 © 2015-2018 OWASP Foundation This document is licensed under the Creative Commons Attribution-ShareAlike 3.0 license ...................................................................................................................................................... v1.2 OWASP Automated Threat Handbook Web Applications .......................................................................................................................................... ...................................................................................................................................................... Open Web Application Security Project Contents .......................................................................................................................................... Prefaces ....................................................1 Terminology ................................................4 Introduction ................................................5 Research....................................................7 The Ontology ...............................................9 Figure 1: Threat Events, ordered by ascending name........................10 Figure 2: Subset related to Account Credentials ............................11 Figure 3: Subset related to Payment Cardholder Data .......................11 Figure 4: Subset related to Vulnerability Identification ......................11 Figure 5: Subset related to Availability of Inventory .........................11 Figure 6: WASC Threat Classification view of the Threat Events...............12 Figure 7: Mitre CAPEC view of the Threat Events ............................13 Countermeasures ..........................................19 Figure 8: Automated Threat Countermeasure Classes .......................20 Use Case Scenarios .........................................23 Project Details..............................................26 Handbook Roadmap .......................................27 Automated Threat Event Reference ..........................28
Load more

Recommended publications
  • Adversarial Web Search by Carlos Castillo and Brian D
    Foundations and TrendsR in Information Retrieval Vol. 4, No. 5 (2010) 377–486 c 2011 C. Castillo and B. D. Davison DOI: 10.1561/1500000021 Adversarial Web Search By Carlos Castillo and Brian D. Davison Contents 1 Introduction 379 1.1 Search Engine Spam 380 1.2 Activists, Marketers, Optimizers, and Spammers 381 1.3 The Battleground for Search Engine Rankings 383 1.4 Previous Surveys and Taxonomies 384 1.5 This Survey 385 2 Overview of Search Engine Spam Detection 387 2.1 Editorial Assessment of Spam 387 2.2 Feature Extraction 390 2.3 Learning Schemes 394 2.4 Evaluation 397 2.5 Conclusions 400 3 Dealing with Content Spam and Plagiarized Content 401 3.1 Background 402 3.2 Types of Content Spamming 405 3.3 Content Spam Detection Methods 405 3.4 Malicious Mirroring and Near-Duplicates 408 3.5 Cloaking and Redirection 409 3.6 E-mail Spam Detection 413 3.7 Conclusions 413 4 Curbing Nepotistic Linking 415 4.1 Link-Based Ranking 416 4.2 Link Bombs 418 4.3 Link Farms 419 4.4 Link Farm Detection 421 4.5 Beyond Detection 424 4.6 Combining Links and Text 426 4.7 Conclusions 429 5 Propagating Trust and Distrust 430 5.1 Trust as a Directed Graph 430 5.2 Positive and Negative Trust 432 5.3 Propagating Trust: TrustRank and Variants 433 5.4 Propagating Distrust: BadRank and Variants 434 5.5 Considering In-Links as well as Out-Links 436 5.6 Considering Authorship as well as Contents 436 5.7 Propagating Trust in Other Settings 437 5.8 Utilizing Trust 438 5.9 Conclusions 438 6 Detecting Spam in Usage Data 439 6.1 Usage Analysis for Ranking 440 6.2 Spamming Usage Signals 441 6.3 Usage Analysis to Detect Spam 444 6.4 Conclusions 446 7 Fighting Spam in User-Generated Content 447 7.1 User-Generated Content Platforms 448 7.2 Splogs 449 7.3 Publicly-Writable Pages 451 7.4 Social Networks and Social Media Sites 455 7.5 Conclusions 459 8 Discussion 460 8.1 The (Ongoing) Struggle Between Search Engines and Spammers 460 8.2 Outlook 463 8.3 Research Resources 464 8.4 Conclusions 467 Acknowledgments 468 References 469 Foundations and TrendsR in Information Retrieval Vol.
    [Show full text]
  • Get Your Site Indexed
    Get Your Site Indexed ● Three basic questions from this chapter: – What if your site is not indexed? – How many pages on your site are indexed? – How do you get more pages indexed? Fall 2006 Davison/Lin CSE 197/BIS 197: Search Engine Strategies 10-1 What If Your Site Is Not Indexed? ● Are you certain it is not indexed? – Look for a PageRank bar in the Google Toolbar – Perform a site: search in Google/Yahoo/Ask/MSN Fall 2006 Davison/Lin CSE 197/BIS 197: Search Engine Strategies 10-2 What If Your Site Is Not Indexed? ● Verify your site is not banned or penalized – Has the number of your pages in the search engine decreased recently? – Can you only find your home page via a direct search with the URL? (not with relevant queries?) ● Search engines publish guidelines against spamming techniques – e.g., Google – What is search engine spam? Fall 2006 Davison/Lin CSE 197/BIS 197: Search Engine Strategies 10-3 Search Engine Spam Sometimes also known as web spam, spamdexing ● The use of techniques to manipulate search engines, typically to generate undeservedly high search engine result page rankings. – Cloaking (including hidden text, redirection) – Keyword stuffing – Link farms, link exchanges, web rings – Comment spam, referrer spam – Link bombing (a.k.a., googlebombing, “miserable failure”, “out of touch executives”) – Blog spam (splogs) ● Methods you want to avoid! Fall 2006 Davison/Lin CSE 197/BIS 197: Search Engine Strategies 10-4 Cloaking Example Examples credit: Kumar Chellapilla, Microsoft Live Labs Fall 2006 Davison/Lin CSE 197/BIS 197:
    [Show full text]
  • A Survey on Adversarial Information Retrieval on the Web
    A Survey on Adversarial Information Retrieval on the Web Saad Farooq CS Department FAST-NU Lahore [email protected] Abstract—This survey paper discusses different forms of get the user to divulge their personal information or financial malicious techniques that can affect how an information details. Such pages are also referred to as spam pages. retrieval model retrieves documents for a query and their remedies. In the end, we discuss about spam in user-generated content, including in blogs and social media. Keywords—Information Retrieval, Adversarial, SEO, Spam, Spammer, User-Generated Content. II. WEB SPAM I. INTRODUCTION Web spamming refers to the deliberate manipulation of The search engines that are available on the web are search engine indexes to increase the rank of a site. Web frequently used to deliver the contents to users according to spam is a very common problem in search engines, and has their information need. Users express their information need existed since the advent of search engines in the 90s. It in the form of a bag of words also called a query. The search decreases the quality of search results, as it wastes the time engine then analyzes the query and retrieves the documents, of users. Web spam is also referred to as spamdexing (a images, videos, etc. that best match the query. Generally, all combination of spam and indexing) when it is done for the search engines retrieve the URLs, also simply referred to as sole purpose of boosting the rank of the spam page. links, of contents. Although, a search engine may retrieve thousands of links against a query, yet users are only There are three main categories of Web Spam [1] [2].
    [Show full text]
  • A Survey on Web Spam and Spam 2.0
    International Journal of Advanced Computer Research (ISSN (print): 2249-7277 ISSN (online): 2277-7970) Volume-4 Number-2 Issue-15 June-2014 A Survey on Web Spam and Spam 2.0 Ashish Chandra1, Mohammad Suaib2 Abstract 2. Search Engine Spamming In current scenario web is huge, highly distributive, According to Fetterly [3] "web pages that hold no open in nature and changing rapidly. The open actual information value but created to lure web nature of web is the main reason for rapid growth searches to sites that would otherwise not visited". but it has imposed a challenge to Information Retrieval. The one of the biggest challenge is spam. 2.1 Search Engine Result Ranking We focus here to have a study on different forms of Search engines rank pages to search result according the web spam and its new variant called spam 2.0, to two main features. Relevancy of page with respect existing detection methods proposed by different to query (Dynamic Ranking) and Authoritativeness researches and challenges that are still unanswered. of the page (Static Ranking). Keywords Dynamic Ranking is calculated at query time. It depends on query, user's location, day, time, query Web spam, web 2.0, web spam 2.0, search engine, search history, location of page etc. Static Ranking engine ranking, social media spam. involves query independent features of the page to avoid spam. It is pre-computed at index- time. Some 1. Introduction among few hundred features are: Total length of the content, The term Spamming is defined by Gyongyi (2005)[1] Frequency of keyword (most frequent as: any deliberate action solely to boost ranking of a words), web page is known as spamming.
    [Show full text]
  • A Quantitative Study of Forum Spamming Using Context-Based Analysis
    A Quantitative Study of Forum Spamming Using Context-based Analysis Yuan Niu†, Yi-Min Wang‡, Hao Chen†, Ming Ma‡, and Francis Hsu† †University of California, Davis {niu,hchen,hsuf}@cs.ucdavis.edu ‡Microsoft Research, Redmond {ymwang,mingma}@microsoft.com Abstract forums range from the older message boards and guestbooks to the newer blogs and wikis. Since forums are designed to facilitate collaborative content Forum spamming has become a major means of search contribution, they become attractive targets for engine spamming. To evaluate the impact of forum spammers. For example, spammers have created spam spamming on search quality, we have conducted a blogs (splogs) and have injected spam comments into comprehensive study from three perspectives: that of legitimate forums (See Table A1 in Appendix for the search user, the spammer, and the forum hosting sample spammed forums). Compared to the site. We examine spam blogs and spam comments in “propagandist” methods of web spamming through the both legitimate and honey forums. Our study shows use of link farms 2 [16], forum spamming poses new that forum spamming is a widespread problem. challenges to search engines because (1) it is easy and Spammed forums, powered by the most popular often free to create forums and to post comments in software, show up in the top 20 search results for all processes that can often be automated, and (2) search the 189 popular keywords. On two blog sites, more engines cannot simply blacklist forums that contain than half (75% and 54% respectively) of the blogs are spam comments because these forums may be spam, and even on a major and reputably well 1 legitimate and contain valuable information.
    [Show full text]
  • Digital Marketing Handbook
    Digital Marketing Handbook PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information. PDF generated at: Sat, 17 Mar 2012 10:33:23 UTC Contents Articles Search Engine Reputation Management 1 Semantic Web 7 Microformat 17 Web 2.0 23 Web 1.0 36 Search engine optimization 37 Search engine 45 Search engine results page 52 Search engine marketing 53 Image search 57 Video search 59 Local search 65 Web presence 67 Internet marketing 70 Web crawler 74 Backlinks 83 Keyword stuffing 85 Article spinning 86 Link farm 87 Spamdexing 88 Index 93 Black hat 102 Danny Sullivan 103 Meta element 105 Meta tags 110 Inktomi 115 Larry Page 118 Sergey Brin 123 PageRank 131 Inbound link 143 Matt Cutts 145 nofollow 146 Open Directory Project 151 Sitemap 160 Robots Exclusion Standard 162 Robots.txt 165 301 redirect 169 Google Instant 179 Google Search 190 Cloaking 201 Web search engine 203 Bing 210 Ask.com 224 Yahoo! Search 228 Tim Berners-Lee 232 Web search query 239 Web crawling 241 Social search 250 Vertical search 252 Web analytics 253 Pay per click 262 Social media marketing 265 Affiliate marketing 269 Article marketing 280 Digital marketing 281 Hilltop algorithm 282 TrustRank 283 Latent semantic indexing 284 Semantic targeting 290 Canonical meta tag 292 Keyword research 293 Latent Dirichlet allocation 293 Vanessa Fox 300 Search engines 302 Site map 309 Sitemaps 311 Methods of website linking 315 Deep linking 317 Backlink 319 URL redirection 321 References Article Sources and Contributors 331 Image Sources, Licenses and Contributors 345 Article Licenses License 346 Search Engine Reputation Management 1 Search Engine Reputation Management Reputation management, is the process of tracking an entity's actions and other entities' opinions about those actions; reporting on those actions and opinions; and reacting to that report creating a feedback loop.
    [Show full text]
  • Spamming for Science: Active Measurement in Web 2.0 Abuse Research
    Spamming for Science: Active Measurement in Web 2.0 Abuse Research Andrew G. West1, Pedram Hayati2, Vidyasagar Potdar2, and Insup Lee1 1 Department of Computer and Information Science University of Pennsylvania, Philadelphia, USA fwestand, [email protected] 2 Anti-Spam Research Lab Curtin University, Australia fp.hayati, [email protected] Abstract. Spam and other electronic abuses have long been a focus of computer security research. However, recent work in the domain has emphasized an economic analysis of these operations in the hope of un- derstanding and disrupting the profit model of attackers. Such studies do not lend themselves to passive measurement techniques. Instead, re- searchers have become middle-men or active participants in spam behav- iors; methodologies that lie at an interesting juncture of legal, ethical, and human subject (e.g., IRB) guidelines. In this work two such experiments serve as case studies: One test- ing a novel link spam model on Wikipedia and another using blackhat software to target blog comments and forums. Discussion concentrates on the experimental design process, especially as influenced by human- subject policy. Case studies are used to frame related work in the area, and scrutiny reveals the computer science community requires greater consistency in evaluating research of this nature. 1 Introduction Spam needs little introduction given estimates that 95%+ of email traffic, 75% of all blog comments, and nearly every medium of human communication has been pervaded by the practice. The growing prevalence of distributed and collab- orative models of information dissemination (i.e., Web 2.0 forums, wikis, blogs, etc.) has only expanded the battleground.
    [Show full text]
  • Cyber Security: Threats and Challenges
    Alarming Trends in Cyber Attacks z Large increases in Cybersecurity spending z Factor of 10+ increase in the past ten years Cyber Security: z Yet, security incidents continue to sky- rocket Threats and Challenges z Incidents reported by CERT Coordination Center increased by a factor of 120 in the past decade R. Sekar z 97% of participants in 2003 FBI/CSI survey reported attacks [email protected] z Malicious attacks cost companies tens of billions to clean up [Computer Economics, Trend Micro] z Many small/medium businesses are victims of cyber extortion z 17% of companies surveyed by CMU and Information Week Secure Systems Laboratory 2 Evolution of Threats Evolution of Modern Threats z World War II and earlier z First generation z Break secret messages during transmission z break into high-value systems (e.g., banks) through z Primarily the domain of nation states proprietary networks z Modern cryptography has all but eliminated this threat z criminal elements as well as rogue nations z Modern era z Second generation z Focus shifts from altering messages to breaking end- z Malware that spreads due to information sharing systems that store and process these messages z Viruses and worms z Perpetrated by hackers as a “hobby” z Third generation z Malware that spreads via the Internet z Email viruses and Internet worms z Still, no evidence of organized or criminal elements Secure Systems Laboratory 3 Secure Systems Laboratory 4 1 Traditional Threats - Examples Current Threats (Fourth generation) z 1989 z Steal confidential information z Hackers
    [Show full text]
  • Secure Your Wordpress Website How to Protect Yourself from Hackers, Spammers, Scrappers, and Imbeciles
    Secure Your WordPress Website How to Protect Yourself from Hackers, Spammers, Scrappers, and Imbeciles Mari Kane Blogsite Studio The Articles in this ebook are copyright Mari Kane. All rights reserved. No part of any of the content of this ebook may be reproduced in any form by any means without prior written permission of Mari Kane. This ebook is licensed for your personal enjoyment only and may not be shared or re-sold If you would like to share this book with another person, please purchase an additional copy for each recipient. If you’re reading this book and did not purchase it, or it was not purchased for your use only, then please subscribe to Blogsite Studio.com to receive your own copy. Thank you for respecting the hard work of this author! This book was produced using Pressbooks.com, and PDF rendering was done by PrinceXML. Secure Your WordPress Website © Mari Kane, Blogsite Studio. All Rights Reserved, except where otherwise noted. Contents 1 INTRODUCTION 4 How to Take Control Of Your Web Presence Now 10 The Best Tips to Securing WordPress Websites and Keeping Hackers Out 15 The 27 Best WordPress Security Plugins to Prevent Hacking 21 Backup and Restore Your WordPress Site and Sleep Better at Night 29 WordPress Under Brute Force Attack: Targeting Admin Usernames 32 Use Mantras as Passwords to Achieve Web Nirvana 35 3 Ways to Protect Your Email Address From Hackers and Spammers 41 How to Kick Content Scrapers in the Balls 48 Damn that Referrer Spam from Google Analytics 53 How SSL CertiZcates Give Your URL the Cone of Silence 60 After the Hack: How to Restore Your WordPress Website 64 SOMETHING ABOUT MARI KANE ALL-RIGHTS- RESERVED 66 WORDPRESS EBOOKS BY MARI KANE ALL- RIGHTS-RESERVED SECURE YOUR WORDPRESS WEBSITE | 1 Introduction I remember a time after I started blogging when I never thought about web security.
    [Show full text]
  • Adversarial Web Search Full Text Available At
    Full text available at: http://dx.doi.org/10.1561/1500000021 Adversarial Web Search Full text available at: http://dx.doi.org/10.1561/1500000021 Adversarial Web Search Carlos Castillo Yahoo! Research Barcelona 08018 Catalunya-Spain [email protected] Brian D. Davison Lehigh University Bethlehem, PA 18015 USA [email protected] Boston { Delft Full text available at: http://dx.doi.org/10.1561/1500000021 Foundations and Trends R in Information Retrieval Published, sold and distributed by: now Publishers Inc. PO Box 1024 Hanover, MA 02339 USA Tel. +1-781-985-4510 www.nowpublishers.com [email protected] Outside North America: now Publishers Inc. PO Box 179 2600 AD Delft The Netherlands Tel. +31-6-51115274 The preferred citation for this publication is C. Castillo and B. D. Davison, Adver- sarial Web Search, Foundation and Trends R in Information Retrieval, vol 4, no 5, pp 377{486, 2010 ISBN: 978-1-60198-414-2 c 2011 C. Castillo and B. D. Davison All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, mechanical, photocopying, recording or otherwise, without prior written permission of the publishers. Photocopying. In the USA: This journal is registered at the Copyright Clearance Cen- ter, Inc., 222 Rosewood Drive, Danvers, MA 01923. Authorization to photocopy items for internal or personal use, or the internal or personal use of specific clients, is granted by now Publishers Inc. for users registered with the Copyright Clearance Center (CCC). The `services' for users can be found on the internet at: www.copyright.com For those organizations that have been granted a photocopy license, a separate system of payment has been arranged.
    [Show full text]
  • Analyzing Tor Abuse Complaints
    Analyzing Tor abuse complaints Rachee Singh Sadia Afroz University of Massachusetts Amherst UC Berkeley, ICSI 1. INTRODUCTION. Cluster Topic Top words We want to understand the characteristics of the network abuse 0 Mixed graphicsoneinc, junkemailfilter, asthma, pascal, originating from Tor. Understanding the abuse of Tor is impor- bob, die, suffers, helo, population, sun tant because website operators and content providers discriminate 1 Mixed password, failed, sshd, whois, timezone, den- against Tor users [3], in many cases, because of the abuse origi- mark, investigate, extracted, invalid, apologies nating from Tor. Akamai observed that an HTTP request from a 2 Googlegroups groups, rubin, googlegroups, broadcast, jimenez, Tor IP is 30 times more likely to be a malicious attack than one jew, steve, posting, satanic, conspiracy that comes from a non-Tor IP [1]. Cloudflare found that 94% of 3 Copyright paramount, copyright, irdeto, cert, infringement, requests from the Tor network are malicious [2]. Abuse control is notice, pgp, compliance, voxility, material crucial for the Tor network itself to maximize the benefit of anony- 4 Sent by nforce mnt, logs, furanet, htdocs, login, wp, sites, query, mous communication networks. To understand the nature of abuse zwiebelfreunde, nforce websites receive through Tor, we look at the complaints exit opera- 5 Sent by Spamcop ip, received, content, spamcop, abuse, mail, tors received while running a Tor exit. We assume that every time a thank, message, manager, mso website receives abuse through Tor the administrator of the website 6 Sent by ValueHost valuehost, administrator, index, attempts, mail, complains to the exit operator. So these complaints can be a proxy noc, abuse, yor, disturb, shared for understanding the type and frequency of abuse happen through 7 Sent by Webiron abuse, issues, webiron, mail, clients, service, ip, a Tor exit.
    [Show full text]
  • A Quantitative Study of Forum Spamming Using Context-Based Analysis
    A Quantitative Study of Forum Spamming Using Context-based Analysis A Strider Search Ranger Report Yuan Niu Yi-Min Wang Hao Chen Ming Ma Francis Hsu December 1, 2006 Technical Report MSR-TR-2006-173 Microsoft Research Microsoft Corporation One Microsoft Way Redmond, WA 98052 To appear in Proc. Network & Distributed System Security (NDSS) Symposium, Feb. 2007. A Quantitative Study of Forum Spamming Using Context-based Analysis Yuan Niu†, Yi-Min Wang‡, Hao Chen†, Ming Ma‡, and Francis Hsu† †University of California, Davis {niu,hchen,hsuf}@cs.ucdavis.edu ‡Microsoft Research, Redmond {ymwang,mingma}@microsoft.com Abstract web page where visitors may contribute content. Web forums range from the older message boards and guestbooks to the newer blogs and wikis. Since Forum spamming has become a major means of search forums are designed to facilitate collaborative content engine spamming. To evaluate the impact of forum contribution, they become attractive targets for spamming on search quality, we have conducted a spammers. For example, spammers have created spam comprehensive study from three perspectives: that of blogs (splogs) and have injected spam comments into the search user, the spammer, and the forum hosting legitimate forums (See Table A1 in Appendix for site. We examine spam blogs and spam comments in sample spammed forums). Compared to the both legitimate and honey forums. Our study shows “propagandist” methods of web spamming through the that forum spamming is a widespread problem. use of link farms2 [16], forum spamming poses new Spammed forums, powered by the most popular challenges to search engines because (1) it is easy and software, show up in the top 20 search results for all often free to create forums and to post comments in the 189 popular keywords.
    [Show full text]