log inhelp

View
 

Threat Classification Reference Grid

Page history last edited by Robert Auger 2 years, 4 months ago

Threat Classification Reference Grid

The Threat Classification Reference Grid was created to allow individuals and products to reference particular Threat Classification sections with a static identifier. The numeric reference next to each item in no way denotes risk, severity or priority, merely a static identifier for the purpose of referencing.

 

Item Name WASC ID
Insufficient Authentication WASC-01
Insufficient Authorization WASC-02
Integer Overflows WASC-03
Insufficient Transport Layer Protection WASC-04
Remote File Inclusion WASC-05
Format String WASC-06
Buffer Overflow WASC-07
Cross-site Scripting WASC-08
Cross-site Request Forgery WASC-09
Denial of Service WASC-10
Brute Force WASC-11
Content Spoofing WASC-12
Information Leakage WASC-13
Server Misconfiguration WASC-14
Application Misconfiguration WASC-15
Directory Indexing WASC-16
Improper Filesystem Permissions WASC-17
Credential/Session Prediction WASC-18
SQL Injection
 WASC-19
Improper Input Handling WASC-20
Insufficient Anti-Automation WASC-21
Improper Output Handling WASC-22
XML Injection WASC-23
HTTP Request Splitting WASC-24
HTTP Response Splitting WASC-25
HTTP Request Smuggling WASC-26
HTTP Response Smuggling WASC-27
Null Byte Injection WASC-28
LDAP Injection WASC-29
Mail Command Injection WASC-30
OS Commanding WASC-31
Routing Detour WASC-32
Path Traversal WASC-33
Predictable Resource Location WASC-34
SOAP Array Abuse WASC-35
SSI Injection WASC-36
Session Fixation WASC-37
URl Redirector Abuse WASC-38
XPath Injection WASC-39
Insufficient Process Validation WASC-40
XML Attribute Blowup WASC-41
Abuse of Functionality WASC-42
XML External Entities WASC-43
XML Entity Expansion WASC-44
Fingerprinting WASC-45
XQuery Injection WASC-46
Insufficient Session Expiration WASC-47
Insecure Indexing
 WASC-48
Insufficient Password Recovery WASC-49

 

WASC Threat Classification (Future)

This outlines sections that will be included in future versions of the WASC Threat Classification.

 

Item Name WASC ID
Insufficient Data Protection WASC-50

 

Comments (0)

You don't have permission to comment on this page.

PDF version