WASC (The Web Application Security Consortium) has just released version 2.0 of its threat classification: the WASC Threat Classification. It is good reference material for security reports and presentations, with descriptions of and examples for each threat and attack.

Here is the top-level categorisation, split into attacks (what an attacker does) and weaknesses (the application-side conditions that make the attacks possible):
| Attacks | Weaknesses |
|---|---|
| Abuse of Functionality | Application Misconfiguration |
| Brute Force | Directory Indexing |
| Buffer Overflow | Improper Filesystem Permissions |
| Content Spoofing | Improper Input Handling |
| Credential/Session Prediction | Improper Output Handling |
| Cross-Site Scripting | Information Leakage |
| Cross-Site Request Forgery | Insecure Indexing |
| Denial of Service | Insufficient Anti-automation |
| Fingerprinting | Insufficient Authentication |
| Format String | Insufficient Authorization |
| HTTP Response Smuggling | Insufficient Password Recovery |
| HTTP Response Splitting | Insufficient Process Validation |
| HTTP Request Smuggling | Insufficient Session Expiration |
| HTTP Request Splitting | Insufficient Transport Layer Protection |
| Integer Overflows | Server Misconfiguration |
| LDAP Injection | |
| Mail Command Injection | |
| Null Byte Injection | |
| OS Commanding | |
| Path Traversal | |
| Predictable Resource Location | |
| Remote File Inclusion (RFI) | |
| Routing Detour | |
| Session Fixation | |
| SOAP Array Abuse | |
| SSI Injection | |
| SQL Injection | |
| URL Redirector Abuse | |
| XPath Injection | |
| XML Attribute Blowup | |
| XML External Entities | |
| XML Entity Expansion | |
| XML Injection | |
| XQuery Injection | |