[Automated_threats_to_web_applications] CAPEC

Colin Watson colin.watson at owasp.org
Mon Nov 9 08:56:48 UTC 2015


I sent some details of the project to Mitre's CAPEC mailing list and
received acknowledgement. See below.

Regards

Colin


 ------



To: capec-research-list CAPEC Researcher Discussion <
capec-research-list at lists.mitre.org>
Date: 06.11.2015 12:23
Subject: RE: Automated Threats to Web Applications
Colin,

Thank you for bringing this to our attention. We will try to look through
this and relate it to CAPEC once we get through this current push. I like
how you have already started this with Figure 6.

Thanks
D


> -----Original Message-----
> From: owner-capec-research-list at lists.mitre.org [mailto:owner-capec-
> research-list at lists.mitre.org] On Behalf Of Colin Watson
> Sent: Thursday, October 15, 2015 9:39 AM
> To: capec-research-list CAPEC Researcher Discussion <capec-research-
> list at lists.mitre.org>
> Subject: Automated Threats to Web Applications
>
> Hello List Members
>
> Recently I worked on creating a list of automated threats to web
applications:
>
>    PDF
>
> https://www.owasp.org/index.php/OWASP_Automated_Threats_to_Web_
> Applications
>
>    In print
>    http://www.lulu.com/shop/owasp-foundation/automated-threat-
> handbook/paperback/product-22295560.html
>
> It was presented at AppSec USA last month:
>
>    https://www.owasp.org/index.php/File:Colinwatson-a-new-ontology-of-
> unwanted-automation.pptx
>
> The threat events are mapped to CAPEC:
>
>    https://www.owasp.org/index.php/File:Ontology-chart-capec-wiki.png
>
> They mostly fall within the existing CAPEC-210: Abuse of Functionality. I
hope
> they might be a useful enumeration of automated threats that are not
simply
> the result of exploitation of a vulnerability, and be useful for the
classification
> of threat intelligence. There is further discussion on the scope and
intended
> use cases in the document.
>
> I am working on related guidance for developers and defenders.
>
> Regards
>
> Colin Watson
> OWASP Automated Threats to Web Application project leader
>
> https://www.owasp.org/index.php/OWASP_Automated_Threats_to_Web_
> Applications
>
> https://lists.owasp.org/mailman/listinfo/automated_threats_to_web_applic
> ations
>
> To unsubscribe, send an email message to LISTSERV at LISTS.MITRE.ORG with
> SIGNOFF CAPEC-RESEARCH-LIST in the BODY of the message. If you have
> difficulties, write to CAPEC-RESEARCH-LIST-REQUEST at LISTS.MITRE.ORG.

To unsubscribe, send an email message to LISTSERV at LISTS.MITRE.ORG with
SIGNOFF CAPEC-RESEARCH-LIST in the BODY of the message. If you have
difficulties, write to CAPEC-RESEARCH-LIST-REQUEST at LISTS.MITRE.ORG.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/automated_threats_to_web_applications/attachments/20151109/6294f99a/attachment.html>


More information about the Automated_threats_to_web_applications mailing list