


Saved by Robert Auger
on November 2, 2009 at 12:58:17 pm

Welcome To The Web Application Security Consortium Project page


WASC applies a selective process to assigning project leaders, with the key goals of qualified expertise throughout each project and timely delivery. Participation is open to everyone: simply find a project that interests you and contact the project leader to let them know you'd like to participate.


Note: This page is currently under construction/migration and does not represent all WASC Projects. Please visit http://www.webappsec.org/projects/ for a complete list.




The Web Security Glossary

The Web Security Glossary is an alphabetical index of terms and terminology relating to web application security. The purpose of the Glossary is to clarify the language used within the community.


Web Application Security Statistics

This initiative is a collaborative, industry-wide effort to pool together sanitized website vulnerability data and to gain a better understanding of the web application vulnerability landscape. We ascertain which classes of attacks are the most prevalent regardless of the methodology used to identify them. Industry statistics such as those compiled by the Mitre CVE project provide valuable insight into the types of vulnerabilities discovered in open source and commercial applications; this project tries to be the equivalent for custom web applications.


Script Mapping

The purpose of the WASC Script Mapping Project is to come up with an exhaustive list of vectors that cause a script to be executed within a web page without the use of <script> tags. This data can be useful when testing poorly implemented Cross-site Scripting blacklist filters and for those wishing to build an HTML whitelist system, among other uses.


Distributed Open Proxy Honeypots

This project gathers real web attack data by deploying multiple, specially configured open proxy servers which log data to a central log host in real time. Our goal is to identify and report on emerging web attack data and trends.


The Web Application Security Scanner Evaluation Criteria (WASSEC)

The Web Application Security Scanner Evaluation Criteria (WASSEC) is a set of guidelines to evaluate web application scanners on their ability to effectively test web applications and identify vulnerabilities.  The goal of the WASSEC is to provide the tools and documentation to enable anyone to evaluate web application security scanners and choose the product that best fits their needs.


The Web Application Firewall Evaluation Criteria (WAFEC)

The Web Application Firewall Evaluation Criteria Project (WAFEC) serves two goals: on the one hand, WAFEC helps users understand what a WAF is and its role in protecting web sites; on the other hand, WAFEC provides a tool for users to make an educated decision when selecting a WAF.




Unlike traditional wikis, where anyone can perform updates, this wiki is only modifiable by WASC Project leaders/delegates and is not open for public modification. This is because all WASC material is heavily scrutinized by peer review teams prior to publication to ensure that only the most accurate, relevant and top-notch information is published.


If you are interested in participating in an existing project, visit the project page and contact the project leader listed on the page. If you're interested in creating a project, first review our charter, then use our contact form to submit your proposal. Otherwise, you can register and post comments to any page on the wiki, and they will be directed to the project leader. For a list of everyone who has contributed to WASC, check out our community page.



All materials are published as open source using the Creative Commons license.

