Pages

Tuesday, January 5, 2010

WASC Threat Classification v2.0 is Out!

"The Threat Classification is an effort to classify the weaknesses, and attacks that can lead to the compromise of a website, its data, or its users."

The WASC Threat Classification is a cooperative effort to clarify and organize the threats to the security of a web site. The members of the Web Application Security Consortium have created this project to develop and promote industry standard terminology for describing these issues. Application developers, security professionals, software vendors, and compliance auditors will have the ability to access a consistent language and definitions for web security related issues.

WASC Threat Classification v2.0 Online:
http://projects.webappsec.org/Threat-Classification

What's new in the Threat Classification v2:
* Expanded Mission Statement
* Clarified terminology
* Proper Classification of threats into Attacks and Weaknesses for static/core view
* Base foundation allowing for the introduction of views into future releases.

No comments:

Post a Comment