WASC


Summary

The WASC Threat Classification is a cooperative effort to clarify and organize the threats to the security of a website. It outlines the attacks and weaknesses that can lead to the compromise of a website, its data or its users. The version used in this section is WASC Threat Classification v2.0.


Definitions

Definition | Requirements
WASC-A_42. Abuse of functionality
WASC-A_11. Brute force
WASC-A_07. Buffer overflow
WASC-A_12. Content spoofing
WASC-A_18. Credential and session prediction
WASC-A_08. Cross-site scripting
WASC-A_09. Cross-site request forgery
WASC-A_10. Denial of service
WASC-A_26. HTTP request smuggling
WASC-A_03. Integer overflows
WASC-A_29. LDAP injection
WASC-A_30. Mail command injection
WASC-A_31. OS commanding
WASC-A_33. Path traversal
WASC-A_34. Predictable resource location
WASC-A_05. Remote file inclusion (RFI)
WASC-A_37. Session fixation
WASC-A_19. SQL injection
WASC-A_38. URL redirector abuse
WASC-A_39. XPath injection
WASC-A_46. XML injection
WASC-W_15. Application misconfiguration
WASC-W_16. Directory indexing
WASC-W_17. Improper filesystem permissions
WASC-W_20. Improper input handling
WASC-W_22. Improper output handling
WASC-W_13. Information leakage
WASC-W_21. Insufficient anti-automation
WASC-W_01. Insufficient authentication
WASC-W_02. Insufficient authorization
WASC-W_49. Insufficient password recovery
WASC-W_40. Insufficient process validation
WASC-W_47. Insufficient session expiration
WASC-W_04. Insufficient transport layer protection
WASC-W_14. Server misconfiguration

Last updated

2023/09/18