The All.Net Security Database
Generated Fri Jun 27 09:58:52 PDT 2003 by fc@red.a.net
Defense52:
Name: testing
Tests are used to improve the assurance that protection is effective. Examples include regression testing, functional testing, protection testing, complete tests, and a slew of other techniques.
[Lyu95]
[Cohen94]
[Linn83]
[Moyer96]
[Pfleeger89]
[Puketza96]
[Sabnani85]
[Sarikaya82]
[Bishop96]
[Chung95]
[Cohen97-13]
Complexity: Testing abounds with complexity issues. For example, complete tests are almost never feasible, and methods for performing less-than-complete tests tend to leave major pieces missing.
Related Database Material
[PDRPrevent - Relates to Prevent]
[PDRDetect - Relates to Detect]
[PDRIntegrity - Relates to Integrity]
[PDRAvailability - Relates to Availability]
[PDRConfidentiality - Relates to Confidentiality]
[PDRUse - Relates to Use]
[PDRDemonstrated - Relates to Demonstrated]
[PLSSystemic - Relates to Systemic]
[ManAlPolicy - Relates to Policy]
[ManAlStandards - Relates to Standards]
[ManAlProcedures - Relates to Procedures]
[ManAlDocumentation - Relates to Documentation]
[ManAlAudit - Relates to Audit]
[ManAlTesting - Relates to Testing]
[ManAlSafeguards - Relates to Safeguards]
[ManAlIncident - Relates to Incident]
[ManAlPhysical - Relates to Physical]
[ManAlAwareness - Relates to Awareness]
[ManAlTraining - Relates to Training]
[ManAlEducation - Relates to Education]
[Attack1 - errors and omissions]
[Attack12 - relocation]
[Attack13 - system maintenance]
[Attack15 - inadequate maintenance]
[Attack16 - Trojan horses]
[Attack19 - protection missetting exploitation]
[Attack20 - resource availability manipulation]
[Attack21 - perception management a.k.a. human engineering]
[Attack23 - infrastructure interference]
[Attack25 - insertion in transit]
[Attack28 - sympathetic vibration]
[Attack29 - cascade failures]
[Attack30 - bribes and extortion]
[Attack31 - get a job]
[Attack33 - invalid values on calls]
[Attack34 - undocumented or unknown function exploitation]
[Attack35 - inadequate notice exploitation]
[Attack36 - excess privilege exploitation]
[Attack37 - environment corruption]
[Attack38 - device access exploitation]
[Attack39 - modeling mismatches]
[Attack40 - simultaneous access exploitations]
[Attack41 - implied trust exploitation]
[Attack42 - interrupt sequence mishandling]
[Attack43 - emergency procedure exploitation]
[Attack44 - desynchronization and time-based attacks]
[Attack45 - imperfect daemon exploits]
[Attack46 - multiple error inducement]
[Attack51 - PBX bugging]
[Attack53 - repair-replace-remove information]
[Attack54 - wire closet attacks]
[Attack55 - shoulder surfing]
[Attack57 - process bypassing]
[Attack58 - content-based attacks]
[Attack59 - backup theft, corruption, or destruction]
[Attack60 - restoration process corruption or misuse]
[Attack62 - call forwarding fakery]
[Attack63 - input overflow]
[Attack64 - illegal value insertion]
[Attack71 - false updates]
[Attack83 - interprocess communication attacks]
[Attack89 - race conditions]
[Attack90 - strategic or tactical deceptions]