en Automated threat

An automated threat is a type of computer security threat to a computer network or web application, characterised by the malicious use of automated tools such as Internet bots.^[1] Automated threats are popular on the internet as they can complete large amounts of repetitive tasks with almost no cost to execute.^[2]

Threat ontology

The OWASP Automated Threat Handbook provides a threat ontology list for classifying automated threats, which are enumerated below.

Identity Code	Name	Defining characteristics
OAT-020	Account Aggregation	Use by an intermediary application that collects together multiple accounts and interacts on their behalf
OAT-019	Account Creation	Create multiple accounts for subsequent misuse
OAT-003	Ad Fraud	False clicks and fraudulent display of web-placed advertisements
OAT-009	CAPTCHA Bypass	Solve anti-automation tests
OAT-001	Carding	Multiple payment authorisation attempts used to verify the validity of bulk stolen payment card data
OAT-010	Card Cracking	Identify missing start/expiry dates and security codes for stolen payment card data by trying different values
OAT-012	Cashing Out	Buy goods or obtain cash utilising validated stolen payment card or other user account data
OAT-007	Credential Cracking	Identify valid login credentials by trying different values for usernames and/or passwords
OAT-015	Denial of Service	Target resources of the application and database servers, or individual user accounts, to achieve denial of service (DoS)
OAT-006	Expediting	Perform actions to hasten progress of usually slow, tedious or time-consuming actions
OAT-004	Fingerprinting	Elicit information about the supporting software and framework types and versions
OAT-018	Footprinting	Probe and explore application to identify its constituents and properties
OAT-005	Scalping	Obtain limited-availability and/or preferred goods/services by unfair methods
OAT-011	Scraping	Collect application content and/or other data for use elsewhere
OAT-016	Skewing	Repeated link clicks, page requests or form submissions intended to alter some metric
OAT-013	Sniping	Last minute bid or offer for goods or services
OAT-017	Spamming	Malicious or questionable information addition that appears in public or private content, databases or user messages
OAT-002	Token Cracking	Mass enumeration of coupon numbers, voucher codes, discount tokens, etc.
OAT-014	Vulnerability Scanning	Crawl and fuzz application to identify weaknesses and possible vulnerabilities

References

^ Watson, Colin (2015-10-26). "OWASP Automated Threat Handbook" (PDF). OWASP. OWASP. Retrieved 2016-09-10.
^ "Security Insights: Defending Against Automated Threats | SecurityWeek.Com". www.securityweek.com. Retrieved 2016-09-18.

[1] Watson, Colin (2015-10-26). "OWASP Automated Threat Handbook" (PDF). OWASP. OWASP. Retrieved 2016-09-10.

[2] "Security Insights: Defending Against Automated Threats | SecurityWeek.Com". www.securityweek.com. Retrieved 2016-09-18.

[1]

[2]

Agama	Bahasa	Biografi	Budaya	Ekonomi	Elektronika
Film	Filsafat	Geografi	Indonesia	Ilmu	Lingkungan
Masyarakat	Matematika	Militer	Mitologi	Musik	Olahraga
Pendidikan	Politik	Sastra	Sejarah	Seni	Teknologi

Automated threat

Threat ontology

References

Portal di Ensiklopedia Dunia