OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: bugtraq (bugtraqcgisecurity.net)
Date: Tue Oct 02 2001 - 05:34:41 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Sure why not :). Looks nice

    - zenocgisecurity.com

    >
    > CLASSIFICATION OF VULNERABILITIES
    > =================================
    >
    >
    > Informational
    > -------------
    >
    > ³This class of vulnerabilities describes issues that allow an attacker to
    > obtain more information about the system than is intended or desired².
    >
    > Comments
    > Identifying Characteristics
    > Error Codes
    > Forceful Browsing
    >
    >
    > Input Validation
    > ----------------
    >
    > ³This class of vulnerabilities describes issues that allow an attacker to
    > create input to a system which will be processed to his/her advantage².
    >
    > Circumventing Validation (client side manipulation)
    > Unicode Encoded Strings
    > URL Encoded Strings
    > OS Commands
    > Direct SQL Commands
    > Buffer Overflows
    > Path Traversal
    > Cross-Site Scripting
    > Format Strings
    > Null Characters
    > Meta Characters
    >
    >
    > Session Management
    > ------------------
    >
    > ³This class of vulnerabilities describes issues that arise from improperly
    > designed session management systems.²
    >
    > Page Sequencing
    > Session Hi-Jacking
    > Session Replay
    > Man in the Middle Attacks
    >
    >
    > Authentication
    > --------------
    >
    > ³This class of vulnerabilities describes issues that arise from improperly
    > designed authentication systems.²
    >
    > Brute force (totally offline attack)
    > Interrogative adversary (adaptive chosen message attack)
    > Passive eavesdropper (listen, but can't modify network)
    > Active eavesdrops (total control of the network)
    >
    >
    > Parameter Manipulation
    > ----------------------
    >
    > ³This class of vulnerabilities describes issues that allow an attacker to
    > manipulate input parameters to a system which will be processed to his/her
    > advantage².
    >
    > URL Manipulation
    > Hidden Form Field Manipulation
    > Cookie Manipulation
    > Serialized Object Manipulation
    >
    >
    > Privacy Violations
    > ------------------
    >
    > ³This class of vulnerabilities describes issues where users personal data
    > maybe visible to others than the intended user.²
    >
    > Browser Cache
    > Browser History
    > Auto-completes
    > Client IP Tracking
    > Referer
    >
    >
    > Mis-configurations
    > ------------------
    >
    > ³This class of vulnerabilities describes issues resulting from improperly
    > configured settings for any component in the system.²
    >
    > Vendor Patches
    > Default Accounts
    >
    >
    > Backdoors
    > ---------
    >
    > ³This class of vulnerabilities describes additional functionality of a
    > system not designed to be accessed by regular users.²
    >
    > Debug Commands
    > Covert Channels
    >
    >
    > Trojans
    > -------
    >
    > ³This class of vulnerabilities describes foreign components designed to
    > subvert the system or user security².
    >
    > Malicious mobile code
    > Application Trojans
    > Data Tainting
    >
    >
    >
    >