Intrusion, Harassment and Conducive Vulnerabilities

Strategies of intrusion and harassment

  1. Encircling the bandwagon
    • e.g. DDoS attacks
  2. Starvation or constriction
    • e.g. contaminating, masking or debilitating DNS services used by users
    • e.g. debilitating a third-party jQuery server, or peered web services that the application depends on
  3. Interception
  4. Intrusion
  5. Masquerade
  6. Diversion, redirection
  7. Overwriting and replacing code
  8. Detecting exploitable side-effects
  9. Cross-site communication
  10. Piggybacking on data structures, streams, requests and headers
  11. Social engineering
  12. Trojanware, sleeperware, siphonware
  13. Overwhelming server resources
  14. Exploiting structural vulnerabilities


Vulnerabilities conducive to intrusion and harassment

  1. Insufficient redundancy to handle load.
  2. Transparent architecture and structure.
  3. Predictable responses.
  4. Unprotected or poorly secured access.
  5. Unprotected or poorly secured information.
  6. Unprotected or poorly secured transmission.
  7. Direct pipeline from access interface to resource.
  8. Inherent hideouts for intrusion at access interface.
  9. Vulnerable information and process flow.
  10. Vulnerable data structure and modeling strategies.
  11. Vulnerable resource structure.
  12. Code or architecture with undocumented, unknown but exploitable side-effects.
  13. Exposed debugging/test mode algorithms.
  14. Invitingly exposed back doors and Easter eggs.
  15. Business rules and processes incompatible with security.

