WASC Threat Classification: Security Threat Classification


For anyone learning security for the first time, it is very important to learn how security threats are classified.

The OWASP WebGoat project also groups security issues into categories, but its purpose is to provide examples for learning security, not to serve as a standalone classification of security issues.

The Web Application Security Consortium (WASC) is an international group composed of security experts, industry consultants, and representatives of many organizations. It is responsible for developing widely accepted application security standards for the World Wide Web. One of WASC's key projects is the "Threat Classification", which describes the threats and attacks against web applications and groups them by their common features. The project aims to develop and promote industry-standard terminology for the security risks of web applications. The WASC Threat Classification has reached version 2.0, which has much more content than version 1.0. The documents can be found at http://www.webappsec.org. (Some pages can only be reached through a proxy that gets past the firewall.)

The names below are copied from the official website.

Attacks

  • Abuse of Functionality
  • Brute Force
  • Buffer Overflow
  • Content Spoofing
  • Credential/Session Prediction
  • Cross-Site Scripting
  • Cross-Site Request Forgery
  • Denial of Service
  • Fingerprinting
  • Format String
  • HTTP Response Smuggling
  • HTTP Response Splitting
  • HTTP Request Smuggling
  • HTTP Request Splitting
  • Integer Overflows
  • LDAP Injection
  • Mail Command Injection
  • Null Byte Injection
  • OS Commanding
  • Path Traversal
  • Predictable Resource Location
  • Remote File Inclusion (RFI)
  • Routing Detour
  • Session Fixation
  • SOAP Array Abuse
  • SSI Injection
  • SQL Injection
  • URL Redirector Abuse
  • XPath Injection
  • XML Attribute Blowup
  • XML External Entities
  • XML Entity Expansion
  • XML Injection
  • XQuery Injection

Weaknesses

  • Application Misconfiguration
  • Directory Indexing
  • Improper Filesystem Permissions
  • Improper Input Handling
  • Improper Output Handling
  • Information Leakage
  • Insecure Indexing
  • Insufficient Anti-automation
  • Insufficient Authentication
  • Insufficient Authorization
  • Insufficient Password Recovery
  • Insufficient Process Validation
  • Insufficient Session Expiration
  • Insufficient Transport Layer Protection
  • Server Misconfiguration
