WASC Releases Web Security Threat Classification

[Jeremiah Grossman <jeremiah () whitehatsec com>]

As mentioned in a thread last month, WASC has been diligently working 
on the
"Web Security Threat Classification" project. The document has been 
completed and is red for download here:

http://www.webappsec.org/threat.html

or read a partial press release snippet first :


Web Application Security Consortium Establishes Official Charter and 
Delivers Web Security Threat Classification

Group Promotes Industry Standard Terminology of Web Security Threats

LAS VEGAS, Nev. - July 28, 2004 - Web Application Security Consortium 
(WASC), a group dedicated to developing and promoting "security 
standards of best practice" for the World Wide Web, announced the 
completion of the WASC official Charter and Web Security Threat 
Classification.

The Web Security Threat Classification is a cooperative effort to 
clarify and organize the threats to the security of a Web site. The 
members of the WASC created this project to develop and promote 
industry standard terminology for describing these issues. With the 
creation of the Web Security Threat Classification, application 
developers, security professionals, software vendors and compliance 
auditors have the ability to access a consistent language for Web 
security related issues.



Regards,

Jeremiah Grossman
WASC Spokesman