Threat Classification Reference Grid

Page history last edited by Robert Auger 10 years, 11 months ago

The Threat Classification Reference Grid was created to allow individuals and products to reference particular Threat Classification sections with a static identifier. The numeric reference next to each item in no way denotes risk, severity or priority; it is merely a static identifier for the purpose of referencing.


Item Name WASC ID
Insufficient Authentication WASC-01
Insufficient Authorization WASC-02
Integer Overflows WASC-03
Insufficient Transport Layer Protection WASC-04
Remote File Inclusion WASC-05
Format String WASC-06
Buffer Overflow WASC-07
Cross-site Scripting WASC-08
Cross-site Request Forgery WASC-09
Denial of Service WASC-10
Brute Force WASC-11
Content Spoofing WASC-12
Information Leakage WASC-13
Server Misconfiguration WASC-14
Application Misconfiguration WASC-15
Directory Indexing WASC-16
Improper Filesystem Permissions WASC-17
Credential/Session Prediction WASC-18
SQL Injection
Improper Input Handling WASC-20
Insufficient Anti-Automation WASC-21
Improper Output Handling WASC-22
XML Injection WASC-23
HTTP Request Splitting WASC-24
HTTP Response Splitting WASC-25
HTTP Request Smuggling WASC-26
HTTP Response Smuggling WASC-27
Null Byte Injection WASC-28
LDAP Injection WASC-29
Mail Command Injection WASC-30
OS Commanding WASC-31
Routing Detour WASC-32
Path Traversal WASC-33
Predictable Resource Location WASC-34
SOAP Array Abuse WASC-35
SSI Injection WASC-36
Session Fixation WASC-37
URL Redirector Abuse WASC-38
XPath Injection WASC-39
Insufficient Process Validation WASC-40
XML Attribute Blowup WASC-41
Abuse of Functionality WASC-42
XML External Entities WASC-43
XML Entity Expansion WASC-44
Fingerprinting WASC-45
XQuery Injection WASC-46
Insufficient Session Expiration WASC-47
Insecure Indexing
Insufficient Password Recovery WASC-49


WASC Threat Classification (Future)

This outlines sections that will be included in future versions of the WASC Threat Classification.


Item Name WASC ID
Insufficient Data Protection WASC-50

