Page 1061 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
matching label.
It’s important to understand basic risk elements when evaluating the
potential loss from access control attacks. Risk is the possibility or
likelihood that a threat can exploit a vulnerability, resulting in a loss.
Asset valuation identifies the value of assets, threat modeling
identifies potential threats, and vulnerability analysis identifies
vulnerabilities. These are all important concepts to understand when
implementing controls to prevent access control attacks.

Common access control attacks attempt to circumvent authentication
mechanisms. Access aggregation is the act of collecting and
aggregating nonsensitive information in an attempt to infer sensitive
information.

Passwords are a common authentication mechanism, and several
types of attacks attempt to crack passwords. Password attacks include
dictionary attacks, brute-force attacks, birthday attacks, rainbow table
attacks, and sniffer attacks. Side-channel attacks are passive attacks
against smartcards.

