OWASP / www-project-automated-threats-to-web-applications

OWASP Foundation Web Respository
64 stars 23 forks source link

Add synonyms/related terms? #1

Open jsoverson opened 4 years ago

jsoverson commented 4 years ago

"Password spraying" - testing a list of credentials for a known account - is a subset of credential cracking but the term is getting increased global coverage (ACSC, Mitre, ArsTechnica). Google trends shows that password spraying captures far more searches than credential cracking.

"Password replay", "credential replay", and "password reuse attacks" have all been used to refer to credential stuffing (NCSC, Krebs, 1password). Credential stuffing is the more popular term but the others keep popping up.

The differences, if there are any, across these terms is confusing. There isn't a central location that captures the relationships and readers are left googling terms that net poor results.

Including terms that become common in popular usage will also help drive OWASP awareness.

jsoverson commented 4 years ago

Here's the twitter conversation that motivated this: https://twitter.com/jsoverson/status/1219644499154100225

cw-owasp commented 4 years ago

Thank you, we try to document these in the section “ Other Names and Examples” section, but I see OAT007 is missing this text in the html page on the new site. I will get this corrected and look to extend and update these in the next version.