Web applications are subjected to unwanted automated usage – day in, day out. Often these events relate to misuse of inherent valid functionality, rather than the attempted exploitation of unmitigated vulnerabilities. Also, excessive misuse is commonly mistakenly reported as application denial-of-service (DoS) like HTTP-flooding, when in fact the DoS is a side-effect instead of the primary intent. Frequently these have sector-specific names. Most of these problems seen regularly by web application owners are not listed in any OWASP Top Ten or other top issue list. Furthermore, they are not enumerated or defined adequately in existing dictionaries.

The OWASP Automated Threats to Web Applications Project has completed a review of reports, academic and other papers, news stories and vulnerability taxonomies/listings to identify, name and classify these scenarios – automated by software causing a divergence from accepted behavior producing one or more undesirable effects on a web application, but excluding tool-based exploitation of single-issue vulnerabilities. The initial objective was to produce an ontology providing a common language for developers, architects, operators, business owners, security engineers, purchasers and suppliers/vendors, to facilitate clear communication and help tackle the issues. The project also identifies symptoms, mitigations and controls in this problem area. Like all OWASP outputs, everything is free and published using an open source license.