Automated threat
An automated threat is a type of computer security threat to a computer network or web application, characterised by the malicious use of automated tools such as Internet bots. Automated threats are popular on the internet as they can complete large amounts of repetitive tasks with almost no cost to execute.
Threat ontology
The OWASP Automated Threat Handbook provides a threat ontology list for classifying automated threats, which are enumerated below.| Identity Code | Name | Defining characteristics |
| OAT-020 | Account Aggregation | Use by an intermediary application that collects together multiple accounts and interacts on their behalf |
| OAT-019 | Account Creation | Create multiple accounts for subsequent misuse |
| OAT-003 | Ad Fraud | False clicks and fraudulent display of web-placed advertisements |
| OAT-009 | CAPTCHA Bypass | Solve anti-automation tests |
| OAT-001 | Carding | Multiple payment authorisation attempts used to verify the validity of bulk stolen payment card data |
| OAT-010 | Card Cracking | Identify missing start/expiry dates and security codes for stolen payment card data by trying different values |
| OAT-012 | Cashing Out | Buy goods or obtain cash utilising validated stolen payment card or other user account data |
| OAT-007 | Credential Cracking | Identify valid login credentials by trying different values for usernames and/or passwords |
| OAT-015 | Denial of Service | Target resources of the application and database servers, or individual user accounts, to achieve denial of service |
| OAT-006 | Expediting | Perform actions to hasten progress of usually slow, tedious or time-consuming actions |
| OAT-004 | Fingerprinting | Elicit information about the supporting software and framework types and versions |
| OAT-018 | Footprinting | Probe and explore application to identify its constituents and properties |
| OAT-005 | Scalping | Obtain limited-availability and/or preferred goods/services by unfair methods |
| OAT-011 | Scraping | Collect application content and/or other data for use elsewhere |
| OAT-016 | Skewing | Repeated link clicks, page requests or form submissions intended to alter some metric |
| OAT-013 | Sniping | Last minute bid or offer for goods or services |
| OAT-017 | Spamming | Malicious or questionable information addition that appears in public or private content, databases or user messages |
| OAT-002 | Token Cracking | Mass enumeration of coupon numbers, voucher codes, discount tokens, etc. |
| OAT-014 | Vulnerability Scanning | Crawl and fuzz application to identify weaknesses and possible vulnerabilities |