When designing controls to prevent misuse of your application, you must consider the most likely attackers (in order of likelihood and actualized loss from most to least. Disgruntled staff or developers,“Drive by” attacks, such as side effects or direct consequences of a virus, worm, or Trojan attack,Motivated criminal attackers, such as organized crime,Criminal attackers without motive against your organization, such as defacers,Script kiddies.