A continuación una clasificación de las diferentes amenazas y ataques:
Network threats:
- compromised key attack
- denial-of-service(DoS) attacks
- DNS and ARP poisoning
- firewall and IDS attacks
- information gathering
- password-based attacks
- session hijacking and man in the middle attacks
- sniffing and eavesdropping
- spoofing
Host threats:
- arbitrary code execution
- backdoor attacks
- denial of service attacks
- footprinting
- malware attacks
- password attacks
- physical security threats
- privilege escalation
- unauthorized access
Application threats:
- authentication and authorization attacks
- broken session management
- buffer overflow issues
- cryptography attacks
- improper data/input validation
- improper error handling and exception management
- information disclosure
- security misconfiguration
- SQL injection