Classification of weaknesses and attacks

The Web Application Security Consortium (WASC) released Threat Classification 2.0. The Threat Classification (TC) is an effort to classify the weaknesses and attacks that can lead to the compromise of a website, its data, or its users.

The TC is created and reviewed by industry experts with years of experience. Its primary use is as a reference guide that can be included in security reports, security defects, presentations, and more. The TC content appears in numerous books, security products, and third-party security classification systems.

Here’s a partial list of companies utilizing the TC:

  • IBM (AppScan)
  • HP (WebInspect)
  • WhiteHat Security (Sentinel)
  • Positive Technologies (MaxPatrol) and Services
  • Qualys (QualysGuard Web Application Scanning)
  • F5 (Application Security Manager)
  • HoneyApps (Conduit)