Paid Advertising is
ha.ckers sla.cking
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
WASC Threat Classification v2.0 Published
Posted by: zeno
Date: January 03, 2010 04:21AM

The Web Application Security Consortium (WASC) is pleased to announce the long awaited release of the WASC
Threat Classification v2.0. The Threat Classification is an effort to classify the weaknesses, and attacks
that can lead to the compromise of a website, its data, or its users. This document's primarily purpose is
to serve as a reference guide for common attacks and weaknesses.

Main goals
- Refine document scope, terminology, and purpose
- Update existing sections when applicable
- Add missing attacks and weaknesses
- Creation of a firm, scalable base foundation allowing for the introduction of data views allowing for various
forms of data representation
- Addition of attack and weakness reference identifiers (WASC-<xx>)
- Publication of two data views

WASC Threat Classification v2.0 Online

Using the Threat Classification

Threat Classification Authors and Contributors

WASC Threat Classification FAQ

WASC Reference Identifier Grid

Threat Classification Data Views

Options: ReplyQuote
Re: WASC Threat Classification v2.0 Published
Posted by: br0kan
Date: January 11, 2010 03:06PM

Here is a good mapping of the WASC Threat Classification v2.0 to the 2010 OWASP Top Ten Vulnerabilities as well.

Options: ReplyQuote

Sorry, only registered users may post in this forum.