• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • Stop wasting time looking for files and revisions. Connect your Gmail, DriveDropbox, and Slack accounts and in less than 2 minutes, Dokkio will automatically organize all your file attachments. Learn more and claim your free account.


Threat Classification Enumeration View

Page history last edited by Robert Auger 10 years, 10 months ago

Project: WASC Threat Classification


WASC Threat Classification 'Enumeration View'

This view enumerates the attacks, and weaknesses that can lead to the compromise of a website, its data, or its users. This serves as the base view for the WASC Threat Classification.


Grid Representation:


Attacks Weaknesses Appendix
Abuse of Functionality Application Misconfiguration Authors and Contributors
Brute Force Directory Indexing Using the Threat Classification
Buffer Overflow Improper Filesystem Permissions Threat Classification Glossary
Content Spoofing Improper Input Handling The Threat Classifications Evolution
Credential/Session Prediction

Improper Output Handling

Threat Classification FAQ
Cross-Site Scripting Information Leakage Threat Classification Reference Grid
Cross-Site Request Forgery

Insecure Indexing

Threat Classification Views
Denial of Service Insufficient Anti-automation  
Fingerprinting Insufficient Authentication  
Format String Insufficient Authorization  
HTTP Response Smuggling Insufficient Password Recovery
HTTP Response Splitting Insufficient Process Validation  
HTTP Request Smuggling Insufficient Session Expiration  
HTTP Request Splitting Insufficient Transport Layer Protection  
Integer Overflows Server Misconfiguration  
LDAP Injection    
Mail Command Injection    
Null Byte Injection    
OS Commanding


Path Traversal    
Predictable Resource Location    
Remote File Inclusion (RFI)    
Routing Detour
Session Fixation    
SOAP Array Abuse    
SSI Injection    
SQL Injection    
URL Redirector Abuse    
XPath Injection    
XML Attribute Blowup    
XML External Entities    
XML Entity Expansion    
XML Injection    
XQuery Injection    



Tree Representation:





Comments (0)

You don't have permission to comment on this page.