This automated threat handbook is the output of the OWASP Automated Threats to Web Applications project, which is classed as an OWASP incubator project. The project creates information and other resources to help software architects, developers, testers and others defend against automated threats.
Through research, analysis, and some deliberation with peers, we arrived at twenty threat actions in v1.0, now 21 in v1.2, which are classified by sector targeted, parties affected, and data commonly misused.
The ontology is the list of automated threat event scenarios: events caused by software that make a web application diverge from accepted norms of behaviour and produce undesirable consequences. The list leaves out tool-based exploitation of single-issue weaknesses.
The translated tables of threat types are given on the beige-coloured pages at the end of this handbook. The descriptions in the final part of the handbook list the threat events by sector targeted, parties affected, and the data involved.
Every threat event is cross-referenced to MITRE CAPEC, the WASC Threat Classification, the MITRE Common Weakness Enumeration, and the corresponding attack titles on the OWASP wiki.
The threats that follow include reusable access attacks such as account aggregation, account creation, ad fraud, CAPTCHA defeat, carding, card cracking, cashing out, credential cracking, credential stuffing, denial of inventory, denial of service, and acceleration. The authors provide definitions intended to make the terminology more precise and the goals of these threats clearer. The handbook also presents a list that includes tools for detecting and preventing automated threats.