Classification of weaknesses and attacks
The Web Application Security Consortium (WASC) released Threat Classification 2.0. The Threat Classification is an effort to classify the weaknesses, and attacks that can lead to the compromise of a website, its data, or its users.
The TC is created and reviewed by industry experts with years of experience. The primary use is as a reference guide that can be included in security reports, security defects, presentations, and more. The TC content appears is numerous books, security products, and 3rd party security classification systems.
Here’s a partial list of companies utilizing the TC:
- IBM (AppScan)
- HP (Webinspect)
- WhiteHat Security (Sentinel)
- Positive Technologies (MaxPatrol) and Services
- Qualys (QualysGuard Web Application Scanning)
- F5 (Application Security Manager)
- HoneyApps (Conduit).