[WEB SECURITY] WASC Threat Classification Project - Call for Participants

robert at webappsec.org robert at webappsec.org
Wed Mar 30 15:02:54 EDT 2011


Hello Everyone,

The WASC Threat Classification Project is restarting and is seeking people to contribute
towards the next revision of the WASC Threat Classification. The latest version of
the WASC TC can be located at http://projects.webappsec.org/Threat-Classification .

About the Threat Classification
"The Threat Classification is an effort to classify the weaknesses, and attacks that 
 can lead to the compromise of a website, its data, or its users."

At this stage we're working on adding a much needed crypto section to the TC, to identify and create 
additional data views (see http://projects.webappsec.org/Threat-Classification-Views), explore
adding mitigations, and enhance some of our existing sections.

We are currently seeking participants in the following area's

Peer Reviewers: This would involve reading a section and providing comments to a mailing 
                list with things you think could be improved.  

Content Authors: This would involve enhancing existing sections, or authoring new sections.

Data View Authors: This would involve creating new Data Views (http://projects.webappsec.org/Threat-Classification-FAQ).

Those contributing towards this project will be fully credited in the final document which we hope to 
have released in the early second half of this year.

If you're interested please reply to this email.

Regards,
- Robert Auger
http://projects.webappsec.org/Threat-Classification
WASC Threat Classification Project Leader




More information about the websecurity mailing list