Threat Classification Enumeration View

Page history last edited by Robert Auger 14 years, 11 months ago

Project: WASC Threat Classification

 

WASC Threat Classification 'Enumeration View'

This view enumerates the attacks and weaknesses that can lead to the compromise of a website, its data, or its users. It serves as the base view for the WASC Threat Classification.

 

Grid Representation:

 

| Attacks | Weaknesses | Appendix |
| --- | --- | --- |
| Abuse of Functionality | Application Misconfiguration | Authors and Contributors |
| Brute Force | Directory Indexing | Using the Threat Classification |
| Buffer Overflow | Improper Filesystem Permissions | Threat Classification Glossary |
| Content Spoofing | Improper Input Handling | The Threat Classifications Evolution |
| Credential/Session Prediction | Improper Output Handling | Threat Classification FAQ |
| Cross-Site Scripting | Information Leakage | Threat Classification Reference Grid |
| Cross-Site Request Forgery | Insecure Indexing | Threat Classification Views |
| Denial of Service | Insufficient Anti-automation | |
| Fingerprinting | Insufficient Authentication | |
| Format String | Insufficient Authorization | |
| HTTP Response Smuggling | Insufficient Password Recovery | |
| HTTP Response Splitting | Insufficient Process Validation | |
| HTTP Request Smuggling | Insufficient Session Expiration | |
| HTTP Request Splitting | Insufficient Transport Layer Protection | |
| Integer Overflows | Server Misconfiguration | |
| LDAP Injection | | |
| Mail Command Injection | | |
| Null Byte Injection | | |
| OS Commanding | | |
| Path Traversal | | |
| Predictable Resource Location | | |
| Remote File Inclusion (RFI) | | |
| Routing Detour | | |
| Session Fixation | | |
| SOAP Array Abuse | | |
| SSI Injection | | |
| SQL Injection | | |
| URL Redirector Abuse | | |
| XPath Injection | | |
| XML Attribute Blowup | | |
| XML External Entities | | |
| XML Entity Expansion | | |
| XML Injection | | |
| XQuery Injection | | |

 

 

Tree Representation:

 

Attacks

 

Weaknesses
