The Web Application Security Consortium

Threat Classification Reference Grid

Page history last edited by 15 years, 10 months ago

Threat Classification Reference Grid

The Threat Classification Reference Grid was created to allow individuals and products to reference particular Threat Classification sections with a static identifier. The numeric reference next to each item in no way denotes risk, severity or priority, merely a static identifier for the purpose of referencing.

Item Name WASC ID

Insufficient Authentication WASC-01

Insufficient Authorization WASC-02

Integer Overflows WASC-03

Insufficient Transport Layer Protection WASC-04

Remote File Inclusion WASC-05

Format String WASC-06

Buffer Overflow WASC-07

Cross-site Scripting WASC-08

Cross-site Request Forgery WASC-09

Denial of Service WASC-10

Brute Force WASC-11

Content Spoofing WASC-12

Information Leakage WASC-13

Server Misconfiguration WASC-14

Application Misconfiguration WASC-15

Directory Indexing WASC-16

Improper Filesystem Permissions WASC-17

Credential/Session Prediction WASC-18

SQL Injection
WASC-19

Improper Input Handling WASC-20

Insufficient Anti-Automation WASC-21

Improper Output Handling WASC-22

XML Injection WASC-23

HTTP Request Splitting WASC-24

HTTP Response Splitting WASC-25

HTTP Request Smuggling WASC-26

HTTP Response Smuggling WASC-27

Null Byte Injection WASC-28

LDAP Injection WASC-29

Mail Command Injection WASC-30

OS Commanding WASC-31

Routing Detour WASC-32

Path Traversal WASC-33

Predictable Resource Location WASC-34

SOAP Array Abuse WASC-35

SSI Injection WASC-36

Session Fixation WASC-37

URl Redirector Abuse WASC-38

XPath Injection WASC-39

Insufficient Process Validation WASC-40

XML Attribute Blowup WASC-41

Abuse of Functionality WASC-42

XML External Entities WASC-43

XML Entity Expansion WASC-44

Fingerprinting WASC-45

XQuery Injection WASC-46

Insufficient Session Expiration WASC-47

Insecure Indexing
WASC-48

Insufficient Password Recovery WASC-49

WASC Threat Classification (Future)

This outlines sections that will be included in future versions of the WASC Threat Classification.

Item Name WASC ID

Insufficient Data Protection WASC-50

Threat Classification Reference Grid

Page Tools

Insert links

Insert links to other pages or uploaded files.

Pages Images and files

Loading...

No images or files uploaded yet.

Tip: To turn text into a link, highlight the text, then click on a page or file from the list above.

Comments (0)

You don't have permission to comment on this page.

Quantcast