WEBSITE SECURITY (BUSINESS LOGIC VULNERABILITIES)
Abuse of Functionality An attack that uses a website's own features and functionality to consume, defraud, or circumvent access control mechanisms. Some functions including security features may be abused to cause unexpected behavior, annoy other users, or perhaps defraud the system entirely. Abuse of Functionality techniques are often intertwined with other categories of Web application attacks, such as performing an encoding attack to introduce a query string that turns a web search function into a remote web proxy. Abuse of Functionality attacks are also commonly used as a force multiplier. For example, an attacker can inject a Cross-Site Scripting snippet into a web-chat session, then use the built-in broadcast function to propagate the malicious code site-wide. Brute Force An automated process of trial and error used to guess a person's username, password, credit-card number or cryptographic key. Many systems will allow the use of weak passwords or small cryptogr...