The Web Application Security Consortium (WASC) released Threat Classification 2.0. The Threat Classification is an effort to classify the weaknesses, and attacks that can lead to the compromise of a website, its data, or its users.
The TC is created and reviewed by industry experts with years of experience. The primary use is as a reference guide that can be included in security reports, security defects, presentations, and more. The TC content appears is numerous books, security products, and 3rd party security classification systems.
Here’s a partial list of companies utilizing the TC:
- IBM (AppScan)
- HP (Webinspect)
- WhiteHat Security (Sentinel)
- Positive Technologies (MaxPatrol) and Services
- Qualys (QualysGuard Web Application Scanning)
- F5 (Application Security Manager)
- HoneyApps (Conduit).