CIA Triad¶
The most attacks are threaten one of these elements: confideality, integrity, availability
| Pronciple | Description | Example of attacks |
|---|---|---|
| confideality | A system is considered confidential if only those individuals who have been granted appropriate permissions have access to it. | password theft, database exfiltration via SQL Injection 2023050422584646 SQL Injection and Insecure Direct Object Referencing (IDOR) [[202304131820011 Insecure Direct Object Referencing]]. |
| integrity | A system has integrity when the system contains only information which onwer intended to store | attacker uploads or deletes data, arbitrary code execution 2023041318261919 arbitrary code execution |
| availability | A system is considered available when users are able to interact with system | The attacker obtained the user's credentials and changed them. This is an attack against the account's availability, denial of service 2023041318295252 denial of service |