From: rudi carell (rudicarellhotmail.com)
Date: Tue Oct 02 2001 - 07:05:15 CDT

    YES.

    rc

    >From: Dennis Groves <dwgmac.com>

    >CLASSIFICATION OF VULNERABILITIES
    >=================================
    >
    >
    >Informational
    >-------------
    >
    >"This class of vulnerabilities describes issues that allow an attacker to
    >obtain more information about the system than is intended or desired".
    >
    >Comments
    >Identifying Characteristics
    >Error Codes
    >Forceful Browsing
    >
    >
    >Input Validation
    >----------------
    >
    >"This class of vulnerabilities describes issues that allow an attacker to
    >create input to a system which will be processed to his/her advantage".
    >
    >Circumventing Validation (client side manipulation)
    >Unicode Encoded Strings
    >URL Encoded Strings
    >OS Commands
    >Direct SQL Commands
    >Buffer Overflows
    >Path Traversal
    >Cross-Site Scripting
    >Format Strings
    >Null Characters
    >Meta Characters
    >
    >
    >Session Management
    >------------------
    >
    >"This class of vulnerabilities describes issues that arise from improperly
    >designed session management systems."
    >
    >Page Sequencing
    >Session Hi-Jacking
    >Session Replay
    >Man in the Middle Attacks
    >
    >
    >Authentication
    >--------------
    >
    >"This class of vulnerabilities describes issues that arise from improperly
    >designed authentication systems."
    >
    >Brute force (totally offline attack)
    >Interrogative adversary (adaptive chosen message attack)
    >Passive eavesdropper (listen, but can't modify network)
    >Active eavesdrops (total control of the network)
    >
    >
    >Parameter Manipulation
    >----------------------
    >
    >"This class of vulnerabilities describes issues that allow an attacker to
    >manipulate input parameters to a system which will be processed to his/her
    >advantage".
    >
    >URL Manipulation
    >Hidden Form Field Manipulation
    >Cookie Manipulation
    >Serialized Object Manipulation
    >
    >
    >Privacy Violations
    >------------------
    >
    >"This class of vulnerabilities describes issues where users' personal data
    >may be visible to others than the intended user."
    >
    >Browser Cache
    >Browser History
    >Auto-completes
    >Client IP Tracking
    >Referer
    >
    >
    >Mis-configurations
    >------------------
    >
    >"This class of vulnerabilities describes issues resulting from improperly
    >configured settings for any component in the system."
    >
    >Vendor Patches
    >Default Accounts
    >
    >
    >Backdoors
    >---------
    >
    >"This class of vulnerabilities describes additional functionality of a
    >system not designed to be accessed by regular users."
    >
    >Debug Commands
    >Covert Channels
    >
    >
    >Trojans
    >-------
    >
    >"This class of vulnerabilities describes foreign components designed to
    >subvert the system or user security".
    >
    >Malicious mobile code
    >Application Trojans
    >Data Tainting
    >
    >

    securityfreefly.com
    http://www.freefly.com/security/
