威胁

• threats model
  • https://kamus.soluto.io/docs/threatmodeling/threats_controls/
• https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html
• https://owasp.org/www-community/Threat_Modeling
• https://owasp.org/www-community/Threat_Modeling_Process
• https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling

WEB

• SQL Injection
• XSS - Cross Site Scripting
• CSRF - Cross Site Request Forgery
• IDOR - Insecure Direct Object Reference
  • 通过修改 URL 参数访问其他用户的资源
• RCE - Remote Code Execution
• SSRF - Server-Side Request Forgery
• Hash Collision DoS - 哈希碰撞拒绝服务攻击
  • Hashtable DoS
• bcrypt DoS
  • CAPTCHA PoW