Title: Very interesting documents on web vulnerabilities from WASC and OWASP
Posted by: T0rete on 6 January 2010, 22:16 pm
I read on securitybydefault.com that the WASC (Web Application Security Consortium) has published the second version of its web threat classification. http://projects.webappsec.org/Threat-Classification-Enumeration-View
Attacks
- Abuse of Functionality (http://webappsec.pbworks.com/Abuse-of-Functionality)
- Brute Force (http://webappsec.pbworks.com/Brute-Force)
- Buffer Overflow (http://webappsec.pbworks.com/Buffer-Overflow)
- Content Spoofing (http://webappsec.pbworks.com/Content-Spoofing)
- Credential/Session Prediction (http://webappsec.pbworks.com/Credential-and-Session-Prediction)
- Cross-Site Scripting (http://webappsec.pbworks.com/Cross-Site+Scripting)
- Cross-Site Request Forgery (http://webappsec.pbworks.com/Cross-Site-Request-Forgery)
- Denial of Service (http://webappsec.pbworks.com/Denial-of-Service)
- Fingerprinting (http://webappsec.pbworks.com/Fingerprinting)
- Format String (http://webappsec.pbworks.com/Format-String)
- HTTP Response Smuggling (http://webappsec.pbworks.com/HTTP-Response-Smuggling)
- HTTP Response Splitting (http://webappsec.pbworks.com/HTTP-Response-Splitting)
- HTTP Request Smuggling (http://webappsec.pbworks.com/HTTP-Request-Smuggling)
- HTTP Request Splitting (http://webappsec.pbworks.com/HTTP-Request-Splitting)
- Integer Overflows (http://webappsec.pbworks.com/Integer-Overflows)
- LDAP Injection (http://webappsec.pbworks.com/LDAP-Injection)
- Mail Command Injection (http://webappsec.pbworks.com/Mail-Command-Injection)
- Null Byte Injection (http://webappsec.pbworks.com/Null-Byte-Injection)
- OS Commanding (http://webappsec.pbworks.com/OS-Commanding)
- Path Traversal (http://webappsec.pbworks.com/Path-Traversal)
- Predictable Resource Location (http://webappsec.pbworks.com/Predictable-Resource-Location)
- Remote File Inclusion (http://webappsec.pbworks.com/Remote-File-Inclusion) (RFI (http://webappsec.pbworks.com/Remote-File-Inclusion))
- Routing Detour (http://webappsec.pbworks.com/Routing-Detour)
- Session Fixation (http://webappsec.pbworks.com/Session-Fixation)
- SOAP Array Abuse (http://webappsec.pbworks.com/SOAP-Array-Abuse)
- SSI Injection (http://webappsec.pbworks.com/SSI-Injection)
- SQL Injection (http://webappsec.pbworks.com/SQL-Injection)
- URL Redirector Abuse (http://webappsec.pbworks.com/URL-Redirector-Abuse)
- XPath Injection (http://webappsec.pbworks.com/XPath-Injection)
- XML Attribute Blowup (http://webappsec.pbworks.com/XML-Attribute-Blowup)
- XML External Entities (http://webappsec.pbworks.com/XML-External-Entities)
- XML Entity Expansion (http://webappsec.pbworks.com/XML-Entity-Expansion)
- XML Injection (http://webappsec.pbworks.com/XML-Injection)
- XQuery Injection (http://webappsec.pbworks.com/XQuery-Injection)
Weaknesses
- Application Misconfiguration (http://webappsec.pbworks.com/Application-Misconfiguration)
- Directory Indexing (http://webappsec.pbworks.com/Directory-Indexing)
- Improper Filesystem Permissions (http://webappsec.pbworks.com/Improper-Filesystem-Permissions)
- Improper Input Handling (http://webappsec.pbworks.com/Improper-Input-Handling)
- Improper Output Handling (http://projects.webappsec.org/Improper-Output-Handling)
- Information Leakage (http://webappsec.pbworks.com/Information-Leakage)
- Insecure Indexing (http://webappsec.pbworks.com/Insecure-Indexing)
- Insufficient Anti-automation (http://webappsec.pbworks.com/Insufficient+Anti-automation)
- Insufficient Authentication (http://webappsec.pbworks.com/Insufficient-Authentication)
- Insufficient Authorization (http://webappsec.pbworks.com/Insufficient-Authorization)
- Insufficient Password Recovery (http://projects.webappsec.org/Insufficient-Password-Recovery)
- Insufficient Process Validation (http://webappsec.pbworks.com/Insufficient-Process-Validation)
- Insufficient Session Expiration (http://webappsec.pbworks.com/Insufficient-Session-Expiration)
- Insufficient Transport Layer Protection (http://webappsec.pbworks.com/Insufficient-Transport-Layer-Protection)
- Server Misconfiguration (http://webappsec.pbworks.com/Server-Misconfiguration)
I find this documentation very useful for anyone interested in studying web vulnerabilities. I would also like to remind you once again of the OWASP Testing Guide, which I also consider essential (document translated into Spanish). http://foro.elhacker.net/nivel_web/guia_de_pruebas_de_el_proyecto_abierto_de_seguridad_en_aplicaciones_web_owasp-t261116.0.html
Title: Re: Very interesting documents on web vulnerabilities from WASC and OWASP
Posted by: Darioxhcx on 6 January 2010, 22:28 pm
Interesting, mate. Thanks for the link ;D Regards
Title: Re: Very interesting documents on web vulnerabilities from WASC and OWASP
Posted by: AlbertoBSD on 6 January 2010, 23:36 pm
Worth keeping in mind.
Regards
Title: Re: Very interesting documents on web vulnerabilities from WASC and OWASP
Posted by: T0rete on 6 January 2010, 23:43 pm
Thanks for moving it, Anon. When I went to look for my other post I must have got confused; obviously my intention was to post it in the Nivel Web forum.
Title: Re: Very interesting documents on web vulnerabilities from WASC and OWASP
Posted by: WHK on 7 January 2010, 00:30 am
Ah, great, I hadn't even noticed the other post xD I'll take a look, thanks.
Title: Re: Very interesting documents on web vulnerabilities from WASC and OWASP
Posted by: RON06 on 7 January 2010, 10:57 am
Very good contribution ;D
Regards!!!