Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

WASC releases Threat Classification

They've been very quiet for a number of months and now you know what they have been doing - working on the Threat Classification document. The goal of the document is to establish a common web security vocabulary in order to avoid confusion among developers. Problems are categorized in six classes: "Authentication, Authorization, Client-side Attacks, Command Execution, Information Disclosure, and Logical Attacks". There are 24 problem definitions in total.