Sólo se me ocurrieron 5 hasta ahora.
Aquí está mi lista en ningún orden en particular:
1. Configuración errónea de seguridad ( Top 10 de OWASP )
Good security requires having a secure configuration defined and deployed for the
application, frameworks, application server, web server, database server, and platform.
All these settings should be defined, implemented, and maintained as many are not
shipped with secure defaults. This includes keeping all software up to date, including
all code libraries used by the application.
2. Protección de la capa de transporte insuficiente ( Top 10 de OWASP )
Applications frequently fail to authenticate, encrypt, and protect the confidentiality
and integrity of sensitive network traffic. When they do, they sometimes support weak
algorithms, use expired or invalid certificates, or do not use them correctly.
This allows for packet sniffing.
3. Zero day exploits in software
Networked machines usually provide some kind of service, whether it be a SQL server,
webserver or FTP server. Vulnerabilities in software will always be a threat as software
never be developed without security issues.
Vulnerabilities that come under this is for example:
* SQL injection on a database
* XXS on a webserver
* Buffer overflow attacks on an application
* Format string attacks
* ...
4. Hijacking / Spoofing / Session replay
If a middleman is in some way able to observe the traffic between two nodes on a network
he may try to capture the traffic, modify it and appear as the sender.
Techniques such as ARP Poisoning comes unde rthis category.
5. Denegación de servicio
Disruption of service by some kind of resource starvation on the victim. I.e packet
flooding to consume all half-open TCP connections or consuming all bandwith on a
webserver.