{ "title": "WASC v2", "type": "wascv2", "description": "The WASC Threat Classification is a cooperative effort to clarify and organize the threats to the security of a web site. The members of the Web Application Security Consortium have created this project to develop and promote industry standard terminology for describing these issues. Application developers, security professionals, software vendors, and compliance auditors will have the ability to access a consistent language for web security related issues.", "custom": false, "items": [ { "reference": "WASC-01", "title": "Insufficient Authentication", "description": "", "url": "http://projects.webappsec.org/Insufficient-Authentication" }, { "reference": "WASC-02", "title": "Insufficient Authorization", "description": "", "url": "http://projects.webappsec.org/Insufficient-Authorization" }, { "reference": "WASC-03", "title": "Integer Overflows", "description": "", "url": "http://projects.webappsec.org/Integer-Overflows" }, { "reference": "WASC-04", "title": "Insufficient Transport Layer Protection", "description": "", "url": "http://projects.webappsec.org/Insufficient-Transport-Layer-Protection" }, { "reference": "WASC-05", "title": "Remote File Inclusion", "description": "", "url": "http://projects.webappsec.org/Remote-File-Inclusion" }, { "reference": "WASC-06", "title": "Format String", "description": "", "url": "http://projects.webappsec.org/Format-String" }, { "reference": "WASC-07", "title": "Buffer Overflow", "description": "", "url": "http://projects.webappsec.org/Buffer-Overflow" }, { "reference": "WASC-08", "title": "Cross-site Scripting", "description": "", "url": "http://projects.webappsec.org/Cross-Site-Scripting" }, { "reference": "WASC-09", "title": "Cross-site Request Forgery", "description": "", "url": "http://projects.webappsec.org/Cross-Site-Request-Forgery" }, { "reference": "WASC-10", "title": "Denial of Service", "description": "", "url": "http://projects.webappsec.org/Denial-of-Service" }, { "reference": "WASC-11", "title": "Brute Force", "description": "", "url": "http://projects.webappsec.org/Brute-Force" }, { "reference": "WASC-12", "title": "Content Spoofing", "description": "", "url": "http://projects.webappsec.org/Content-Spoofing" }, { "reference": "WASC-13", "title": "Information Leakage", "description": "", "url": "http://projects.webappsec.org/Information-Leakage" }, { "reference": "WASC-14", "title": "Server Misconfiguration", "description": "", "url": "http://projects.webappsec.org/Server-Misconfiguration" }, { "reference": "WASC-15", "title": "Application Misconfiguration", "description": "", "url": "http://projects.webappsec.org/Application-Misconfiguration" }, { "reference": "WASC-16", "title": "Directory Indexing", "description": "", "url": "http://projects.webappsec.org/Directory-Indexing" }, { "reference": "WASC-17", "title": "Improper Filesystem Permissions", "description": "", "url": "http://projects.webappsec.org/Improper-Filesystem-Permissions" }, { "reference": "WASC-18", "title": "Credential/Session Prediction", "description": "", "url": "http://projects.webappsec.org/Credential-and-Session-Prediction" }, { "reference": "WASC-19", "title": "SQL Injection", "description": "", "url": "http://projects.webappsec.org/SQL-Injection" }, { "reference": "WASC-20", "title": "Improper Input Handling", "description": "", "url": "http://projects.webappsec.org/Improper-Input-Handling" }, { "reference": "WASC-21", "title": "Insufficient Anti-automation", "description": "", "url": "http://projects.webappsec.org/Insufficient+Anti-automation" }, { "reference": "WASC-22", "title": "Improper Output Handling", "description": "", "url": "http://projects.webappsec.org/Improper-Output-Handling" }, { "reference": "WASC-23", "title": "XML Injection", "description": "", "url": "http://projects.webappsec.org/XML-Injection" }, { "reference": "WASC-24", "title": "HTTP Request Splitting", "description": "", "url": "http://projects.webappsec.org/HTTP-Request-Splitting" }, { "reference": "WASC-25", "title": "HTTP Response Splitting", "description": "", "url": "http://projects.webappsec.org/HTTP-Response-Splitting" }, { "reference": "WASC-26", "title": "HTTP Request Smuggling", "description": "", "url": "http://projects.webappsec.org/HTTP-Request-Smuggling" }, { "reference": "WASC-27", "title": "HTTP Response Smuggling", "description": "", "url": "http://projects.webappsec.org/HTTP-Response-Smuggling" }, { "reference": "WASC-28", "title": "Null Byte Injection", "description": "", "url": "http://projects.webappsec.org/Null-Byte-Injection" }, { "reference": "WASC-29", "title": "LDAP Injection", "description": "", "url": "http://projects.webappsec.org/LDAP-Injection" }, { "reference": "WASC-30", "title": "Mail Command Injection", "description": "", "url": "http://projects.webappsec.org/Mail-Command-Injection" }, { "reference": "WASC-31", "title": "OS Commanding", "description": "", "url": "http://projects.webappsec.org/OS-Commanding" }, { "reference": "WASC-32", "title": "Routing Detour", "description": "", "url": "http://projects.webappsec.org/Routing-Detour" }, { "reference": "WASC-33", "title": "Path Traversal", "description": "", "url": "http://projects.webappsec.org/Path-Traversal" }, { "reference": "WASC-34", "title": "Predictable Resource Location", "description": "", "url": "http://projects.webappsec.org/Predictable-Resource-Location" }, { "reference": "WASC-35", "title": "SOAP Array Abuse", "description": "", "url": "http://projects.webappsec.org/SOAP-Array-Abuse" }, { "reference": "WASC-36", "title": "SSI Injection", "description": "", "url": "http://projects.webappsec.org/SSI-Injection" }, { "reference": "WASC-37", "title": "Session Fixation", "description": "", "url": "http://projects.webappsec.org/Session-Fixation" }, { "reference": "WASC-38", "title": "URL Redirector Abuse", "description": "", "url": "http://projects.webappsec.org/URL-Redirector-Abuse" }, { "reference": "WASC-39", "title": "XPath Injection", "description": "", "url": "http://projects.webappsec.org/XPath-Injection" }, { "reference": "WASC-40", "title": "Insufficient Process Validation", "description": "", "url": "http://projects.webappsec.org/Insufficient-Process-Validation" }, { "reference": "WASC-41", "title": "XML Attribute Blowup", "description": "", "url": "http://projects.webappsec.org/XML-Attribute-Blowup" }, { "reference": "WASC-42", "title": "Abuse of Functionality", "description": "", "url": "http://projects.webappsec.org/Abuse-of-Functionality" }, { "reference": "WASC-43", "title": "XML External Entities", "description": "", "url": "http://projects.webappsec.org/XML-External-Entities" }, { "reference": "WASC-44", "title": "XML Entity Expansion", "description": "", "url": "http://projects.webappsec.org/XML-Entity-Expansion" }, { "reference": "WASC-45", "title": "Fingerprinting", "description": "", "url": "http://projects.webappsec.org/Fingerprinting" }, { "reference": "WASC-46", "title": "XQuery Injection", "description": "", "url": "http://projects.webappsec.org/XQuery-Injection" }, { "reference": "WASC-47", "title": "Insufficient Session Expiration", "description": "", "url": "http://projects.webappsec.org/Insufficient-Session-Expiration" }, { "reference": "WASC-48", "title": "Insecure Indexing", "description": "", "url": "http://projects.webappsec.org/Insecure-Indexing" }, { "reference": "WASC-49", "title": "Insufficient Password Recovery", "description": "", "url": "http://projects.webappsec.org/Insufficient-Password-Recovery" } ] }