Web Application Security Consortium:

Threat Classification

www.webappsec.org

Version: 1.00

Description

The Web Security Threat Classification is a cooperative effort to

clarify and organize the threats to the security of a web site. The

members of the Web Application Security Consortium have created

this project to develop and promote industry standard terminology for

describing these issues. Application developers, security

professionals, software vendors, and compliance auditors will have

the ability to access a consistent language for web security related

issues.

Goals

   Identify all known web application security classes of attack.

   Agree on naming for each class of attack.

   Develop a structured manner to organize the classes of attack.

   Develop documentation that provides generic descriptions of

each class of attack.

Documentation Uses

Further understand and articulate the security risks that threaten web

sites. Enhance secure programming practices to prevent security

issues during application development. Serve as a guideline to

determine if web sites have been designed, developed, and reviewed

against all the known threats. Assist with understanding the

capabilities and selection of web security solutions.

1

Copyright 2004, Web Application Security Consortium. All rights reserved.