Positive Technologies

Web Application Security Threats Classification is published


The Web Application Security Consortium (WASC), an international group of experts in the web application security field, has issued the Threat Classification, a classification of attacks and vulnerabilities that can help an attacker compromise a web site, its data, or its users. The document's primary purpose is to serve as a reference guide for experts in web application security.

Over 50 experts representing various companies and organizations, such as Analog, George Washington University, IBM, Imperva, iSec Partners, Inc, KPMG, Microsoft, PayPal, Positive Technologies, Turkcell, Whitehat Security, and others, participated in the development of the new classification version.

The classification contains the following revisions and additions:
  • Document scope, terminology, and purpose were refined;
  • Existing sections were updated;
  • New attacks and vulnerabilities were added;
  • A firm, scalable foundation was developed that allows data views to be introduced and various forms of data representation to be applied;
  • Additional reference identifiers (WASC-) were added for attacks and vulnerabilities;
  • Different views of the attack and vulnerability classification were considered (grouping according to the cause of appearance, etc.).

According to Sergey Gordeychik, one of the officers of the Web Application Security Consortium and the CTO of Positive Technologies, the project development took more than three years, which considerably exceeded the scheduled term. On the other hand, it allowed the experts to consider most of the urgent web application security threats and to lay down a good basis for further classification development. It is planned to publish the new document version, which includes new groupings, elimination methods, and industry standard references, during the first six months of 2010.

The full version of the classification is available on the WASC Threat Classification v2.0 Online page.

The Web Application Security Consortium (WASC) is a 501c3 non-profit made up of an international group of experts, industry practitioners, and organizational representatives who produce open source and widely agreed upon best-practice security standards for the World Wide Web.
As an active community, WASC facilitates the exchange of ideas and organizes several industry projects. WASC consistently releases technical information, contributed articles, security guidelines, and other useful documentation. Businesses, educational institutions, governments, application developers, security professionals, and software vendors all over the world utilize our materials to assist with the challenges presented by web application security.
 
 
 
Copyright © 2002-2010 Positive Technologies