Category:Attack Categorisation By Number Of Involved Parties
In the simplest case, one attacker at an arbitrary location executes an attack against a single web service. In more complex scenarios, one attacker may control various parties, which then unknowingly and successfully execute the attack on the attacker's behalf. The classic example of this scenario is the distributed DoS (DDoS) attack, where a botnet controlled by an attacker attacks a web service. The following coding schema was therefore developed to describe the different scenarios that can arise.
The code always has the form X - Y - Z:
- X = number of attackers
- Y = number of involved intermediaries/other web services
- Z = number of attacked web services
X, Y and Z can take the values:
- 0 = no party involved
- 1 = one party involved
- 2+ = two or more parties involved
Example code: 1 - 0 - 1, which means “one attacker, no involved intermediary, one targeted web service”.
Pages in category "Attack Categorisation By Number Of Involved Parties"
The following 35 pages are in this category, out of 35 total.
X
- XML Document Size Attack
- XML Encryption - Transformation DOS
- XML Entity Expansion
- XML Entity Reference Attack
- XML External Entity DOS
- XML Flooding
- XML Injection
- XML Signature - Key Retrieval DOS
- XML Signature - Key Retrieval XSA (Cross Site Attack)
- XML Signature Exclusion
- XML Signature Wrapping
- XML Signature Wrapping - Optional Element
- XML Signature Wrapping - Optional Element in Security Header
- XML Signature Wrapping - Simple Context
- XML Signature Wrapping - with Namespace Injection
- XML Signature – Transformation DOS
- XML Signature – XSLT Code Execution
- Xpath Injection