WASC

Last updated: 2023/09/18

The WASC Threat Classification is a cooperative effort to clarify and organize the threats to the security of a website. It outlines the attacks and weaknesses that can lead to the compromise of a website, its data or its users. The version used in this section is WASC Threat Classification v2.0.

Control-Requirement Mapping

| Definition | Requirements |
| --- | --- |
| A_42. Abuse of functionality | |
| A_11. Brute force | |
| A_07. Buffer overflow | |
| A_12. Content spoofing | |
| A_18. Credential and session prediction | |
| A_08. Cross-site scripting | |
| A_09. Cross-site request forgery | |
| A_10. Denial of service | |
| A_26. HTTP request smuggling | |
| A_03. Integer overflows | |
| A_29. LDAP injection | |
| A_30. Mail command injection | |
| A_31. OS commanding | |
| A_33. Path traversal | |
| A_34. Predictable resource location | |
| A_05. Remote file inclusion (RFI) | |
| A_37. Session fixation | |
| A_19. SQL injection | |
| A_38. URL redirector abuse | |
| A_39. XPath injection | |
| A_46. XML injection | |
| W_15. Application misconfiguration | |
| W_16. Directory indexing | |
| W_17. Improper filesystem permissions | |
| W_20. Improper input handling | |
| W_22. Improper output handling | |
| W_13. Information leakage | |
| W_21. Insufficient anti-automation | |
| W_01. Insufficient authentication | |
| W_02. Insufficient authorization | |
| W_49. Insufficient password recovery | |
| W_40. Insufficient process validation | |
| W_47. Insufficient session expiration | |
| W_04. Insufficient transport layer protection | |
| W_14. Server misconfiguration | |