Classification of weaknesses and attacks

The Web Application Security Consortium (WASC) released Threat Classification 2.0. The Threat Classification is an effort to classify the weaknesses, and attacks that can lead to the compromise of a website, its data, or its users.

The TC is created and reviewed by industry experts with years of experience. The primary use is as a reference guide that can be included in security reports, security defects, presentations, and more. The TC content appears is numerous books, security products, and 3rd party security classification systems.

Here’s a partial list of companies utilizing the TC:

IBM (AppScan)
HP (Webinspect)
WhiteHat Security (Sentinel)
Positive Technologies (MaxPatrol) and Services
Qualys (QualysGuard Web Application Scanning)
F5 (Application Security Manager)
HoneyApps (Conduit).

Classification of weaknesses and attacks

Don't miss

CISA releases free tool for detecting malicious activity in Microsoft cloud environments

Top ways attackers are targeting your endpoints

Why organizations shouldn’t fold to cybercriminal requests

Fake ChatGPT for Google extension hijacks Facebook accounts

A common user mistake can lead to compromised Okta login credentials