[WEB SECURITY] WASC Announcement: WASC Threat Classification v2.0 Published

Sun Jan 3 14:19:06 EST 2010

Hello participants of Mailing List.

First of all, Happy New Year to all participants of the list.

And about Robert's post.

I was waiting for new WASC Threat Classification in 2009 and at last at
begging of 2010 it has released.

It's a good and long awaited event. Thanks to Robert for information.

Release of new WASC TC in New Year time it's like New Year present for all
web security professionals :-).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

From: robert at xxxxxxxxxxxxx
Subject: [WEB SECURITY] WASC Announcement: WASC Threat Classification v2.0
Published
Date: Fri, 1 Jan 2010 19:56:33 -0500 (EST)

> The Web Application Security Consortium (WASC) is pleased to announce the
> long awaited release of the WASC
> Threat Classification v2.0. The Threat Classification is an effort to
> classify the weaknesses, and attacks
> that can lead to the compromise of a website, its data, or its users. This
> document's primarily purpose is
> to serve as a reference guide for common attacks and weaknesses.
>
> Main goals
> - Refine document scope, terminology, and purpose
> - Update existing sections when applicable
> - Add missing attacks and weaknesses
> - Creation of a firm, scalable base foundation allowing for the
> introduction of data views allowing for various
>   forms of data representation
> - Addition of attack and weakness reference identifiers (WASC-<xx>)
> - Publication of two data views

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA