Imprimir Página - Documentos muy interesantes sobre vulnerabilidades web de el WASC y OWASP

Título: Documentos muy interesantes sobre vulnerabilidades web de el WASC y OWASP
Publicado por: T0rete en 6 Enero 2010, 22:16 PM

Leo en securitybydefault.com que el WASC (Web Application Security Consortium) ha publicado la segunda versión de su clasificación de amenazas web.

http://projects.webappsec.org/Threat-Classification-Enumeration-View

Attacks

Abuse of Functionality (http://webappsec.pbworks.com/Abuse-of-Functionality)
Brute Force (http://webappsec.pbworks.com/Brute-Force)
Buffer Overflow (http://webappsec.pbworks.com/Buffer-Overflow)
Content Spoofing (http://webappsec.pbworks.com/Content-Spoofing)
Credential/Session Prediction (http://webappsec.pbworks.com/Credential-and-Session-Prediction)
Cross-Site Scripting (http://webappsec.pbworks.com/Cross-Site+Scripting)
Cross-Site Request Forgery (http://webappsec.pbworks.com/Cross-Site-Request-Forgery)
Denial of Service (http://webappsec.pbworks.com/Denial-of-Service)
Fingerprinting (http://webappsec.pbworks.com/Fingerprinting)
Format String (http://webappsec.pbworks.com/Format-String)
HTTP Response Smuggling (http://webappsec.pbworks.com/HTTP-Response-Smuggling)
HTTP Response Splitting (http://webappsec.pbworks.com/HTTP-Response-Splitting)
HTTP Request Smuggling (http://webappsec.pbworks.com/HTTP-Request-Smuggling)
HTTP Request Splitting (http://webappsec.pbworks.com/HTTP-Request-Splitting)
Integer Overflows (http://webappsec.pbworks.com/Integer-Overflows)
LDAP Injection (http://webappsec.pbworks.com/LDAP-Injection)
Mail Command Injection (http://webappsec.pbworks.com/Mail-Command-Injection)
Null Byte Injection (http://webappsec.pbworks.com/Null-Byte-Injection)
OS Commanding (http://webappsec.pbworks.com/OS-Commanding)
Path Traversal (http://webappsec.pbworks.com/Path-Traversal)
Predictable Resource Location (http://webappsec.pbworks.com/Predictable-Resource-Location)
Remote File Inclusion (http://webappsec.pbworks.com/Remote-File-Inclusion) (RFI (http://webappsec.pbworks.com/Remote-File-Inclusion))
Routing Detour (http://webappsec.pbworks.com/Routing-Detour)
Session Fixation (http://webappsec.pbworks.com/Session-Fixation)
SOAP Array Abuse (http://webappsec.pbworks.com/SOAP-Array-Abuse)
SSI Injection (http://webappsec.pbworks.com/SSI-Injection)
SQL Injection (http://webappsec.pbworks.com/SQL-Injection)
URL Redirector Abuse (http://webappsec.pbworks.com/URL-Redirector-Abuse)
XPath Injection (http://webappsec.pbworks.com/XPath-Injection)
XML Attribute Blowup (http://webappsec.pbworks.com/XML-Attribute-Blowup)
XML External Entities (http://webappsec.pbworks.com/XML-External-Entities)
XML Entity Expansion (http://webappsec.pbworks.com/XML-Entity-Expansion)
XML Injection (http://webappsec.pbworks.com/XML-Injection)
XQuery Injection (http://webappsec.pbworks.com/XQuery-Injection)

Weaknesses

Application Misconfiguration (http://webappsec.pbworks.com/Application-Misconfiguration)
Directory Indexing (http://webappsec.pbworks.com/Directory-Indexing)
Improper Filesystem Permissions (http://webappsec.pbworks.com/Improper-Filesystem-Permissions)
Improper Input Handling (http://webappsec.pbworks.com/Improper-Input-Handling)
Improper Output Handling (http://projects.webappsec.org/Improper-Output-Handling)
Information Leakage (http://webappsec.pbworks.com/Information-Leakage)
Insecure Indexing (http://webappsec.pbworks.com/Insecure-Indexing)
Insufficient Anti-automation (http://webappsec.pbworks.com/Insufficient+Anti-automation)
Insufficient Authentication (http://webappsec.pbworks.com/Insufficient-Authentication)
Insufficient Authorization (http://webappsec.pbworks.com/Insufficient-Authorization)
Insufficient Password Recovery (http://projects.webappsec.org/Insufficient-Password-Recovery)
Insufficient Process Validation (http://webappsec.pbworks.com/Insufficient-Process-Validation)
Insufficient Session Expiration (http://webappsec.pbworks.com/Insufficient-Session-Expiration)
Insufficient Transport Layer Protection (http://webappsec.pbworks.com/Insufficient-Transport-Layer-Protection)
Server Misconfiguration (http://webappsec.pbworks.com/Server-Misconfiguration)

Me parece una documentación muy util para cualquiera que este interesado en el estudio de las vulnerabilidades web.
También os vuelvo a recordar el documento de la guia de pruebas de la OWASP que tambien considero imprescindible (documento traducido al español).

http://foro.elhacker.net/nivel_web/guia_de_pruebas_de_el_proyecto_abierto_de_seguridad_en_aplicaciones_web_owasp-t261116.0.html

Título: Re: Documentos muy interesantes sobre vulnerabilidades web de el WASC y OWASP
Publicado por: Darioxhcx en 6 Enero 2010, 22:28 PM

interesante che.. gracias por el link ;D
saludos

Título: Re: Documentos muy interesantes sobre vulnerabilidades web de el WASC y OWASP
Publicado por: AlbertoBSD en 6 Enero 2010, 23:36 PM

Es para tenerse en cuenta.

Saludos

Título: Re: Documentos muy interesantes sobre vulnerabilidades web de el WASC y OWASP
Publicado por: T0rete en 6 Enero 2010, 23:43 PM

Gracias por moverlo Anon, al ir a buscar mi otro post debí confundirme, evidentemente mi intención era postearlo en el foro de Nivel Web

Título: Re: Documentos muy interesantes sobre vulnerabilidades web de el WASC y OWASP
Publicado por: WHK en 7 Enero 2010, 00:30 AM

ah genial, ni me habia dado cuenta del otro post xD lo veré, gracias.

Título: Re: Documentos muy interesantes sobre vulnerabilidades web de el WASC y OWASP
Publicado por: RON06 en 7 Enero 2010, 10:57 AM

Muy buen aporte ;D

Saludos!!!

Test Foro de elhacker.net SMF 2.1

Seguridad Informática => Bugs y Exploits => Hacking => Nivel Web => Mensaje iniciado por: T0rete en 6 Enero 2010, 22:16 PM