WASC releases Threat Classification

WASC has been very quiet for a number of months, and now you know what they have been doing: working on the Threat Classification document. The goal of the document is to establish a common web security vocabulary in order to avoid confusion among developers. Problems are categorized into six classes: "Authentication, Authorization, Client-side Attacks, Command Execution, Information Disclosure, and Logical Attacks". There are 24 problem definitions in total.
