• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • You already know Dokkio is an AI-powered assistant to organize & manage your digital files & messages. Very soon, Dokkio will support Outlook as well as One Drive. Check it out today!



Page history last edited by Robert Auger 11 years, 2 months ago

Welcome To The Web Application Security Consortium Project page


WASC applies a selective process to assigning project leaders, with the key goal of qualified expertise throughout the project with timely delivery. Participation is open to everyone, simply find a project that interests you and contact the project leader letting them know you'd like to participate.


Note: This page is currently under construction/migration and does not represent all WASC Projects. Please visit http://www.webappsec.org/projects/ for a complete list.




The WASC Threat Classification

The WASC Threat Classification is a cooperative effort to clarify and organize the threats to the security of a web site. The members of the Web Application Security Consortium have created this project to develop and promote industry standard terminology for describing these issues. Application developers, security professionals, software vendors, and compliance auditors will have the ability to access a consistent language and definitions for web security related issues.


The Web Security Glossary

The Web Security Glossary is an alphabetical index of terms and terminology relating to web application security. The purpose of the Glossary is to clarify the language used within the community.


Web Application Security Statistics

This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. We ascertain which classes of attacks are the most prevalent regardless of the methodology used to identify them. Industry statistics such as those compiled by Mitre CVE project provide valuable insight into the types of vulnerabilities discovered in open source and commercial applications, this project tries to be the equivalent for custom web applications.


Static Analysis Technology Evaluation Criteria (New)

This project will define a common criteria for evaluation of SAST (Static Application Security Testing) tools for individual organizations.


Script Mapping

The purpose of the WASC Script Mapping Project is to come up with an exhaustive list of vectors to cause a script to be executed within a web page without the use of <script> tags. This data can be useful when testing poorly implemented Cross-site Scripting blacklist filters, for those wishing to build an html white list system, as well as other uses.


The Web Hacking Incident Database (WHID)

WHID goal is to serve as a tool for raising awareness of the web application security problem and provide information for statistical analysis of web applications security incidents.


Distributed Open Proxy Honeypots

This project project gathers real web attack data by deploying multiple, specially configured open proxy servers which log data to a central log host in

real time.  Our goal is to identify and report on emerging web attack data and trends. 


The Web Application Security Scanner Evaluation Criteria (WASSEC)

The Web Application Security Scanner Evaluation Criteria (WASSEC) is a set of guidelines to evaluate web application scanners on their ability to effectively test web applications and identify vulnerabilities.  The goal of the WASSEC is to provide the tools and documentation to enable anyone to evaluate web application security scanners and choose the product that best fits their needs.


The Web Application Firewall Evaluation Criteria (WAFEC)

The Web Application Firewall Evaluation Criteria Project (WAFEC) serves two goals: On the one hand WAFEC helps users to understand what a WAF is and its role in protecting web sites and on the other hand WAFEC provides a tool for users to make an educated decision when selecting a WAF.




Unlike traditional wiki's where anyone can perform updates this wiki is only modifiable by WASC Project leaders/delegates and is not open for public modification. This is because all WASC material is heavily scrutinized by peer review teams prior to publication to ensure that only the most accurate, relevant and top notch information is published.


If you are interested in participating in an existing project visit the project page and contact the project leader listed on the page. If you're interested in creating a project first review our charter then use our contact form and submit your proposal. Otherwise you can register and post comments to any page on the wiki and it will be directed to the project leader. For a list of everyone who has contributed to WASC check out our community page.



All materials are published as open source using the creative commons license.


Comments (0)

You don't have permission to comment on this page.