A continuación una clasificación de las diferentes amenazas y ataques:

Network threats:

  • compromised key attack
  • denial-of-service(DoS) attacks
  • DNS and ARP poisoning
  • firewall and IDS attacks
  • information gathering
  • password-based attacks
  • session hijacking and man in the middle attacks
  • sniffing and eavesdropping
  • spoofing

Host threats:

  • arbitrary code execution
  • backdoor attacks
  • denial of service attacks
  • footprinting
  • malware attacks
  • password attacks
  • physical security threats
  • privilege escalation
  • unauthorized access

Application threats:

  • authentication and authorization attacks
  • broken session management
  • buffer overflow issues
  • cryptography attacks
  • improper data/input validation
  • improper error handling and exception management
  • information disclosure
  • security misconfiguration
  • SQL injection

Leave a Reply

error: ooops!