Web Application Security Consortium Completes Web Security Threat Classification

HostReview.com
Thursday, July 29, 2004; 12:00 AM

July 29, 2004 - (HostReview.com) - Web Application Security Consortium (www.webappsec.org), a group dedicated to developing and promoting "security standards of best practice" for the World Wide Web, announced the completion of the WASC official Charter and Web Security Threat Classification.

"The Web Application Security Consortium brings together leading experts in the field to develop a common classification of Web application security problems." said Jeremiah Grossman, spokesperson and co-founder of WASC. "WASC members are eager to continue the momentum of our efforts and look forward to new projects to share with the security community."

The Web Security Threat Classification is a cooperative effort to clarify and organize the threats to the security of a Web site. The members of the WASC created this project to develop and promote industry standard terminology for describing these issues. With the creation of the Web Security Threat Classification, application developers, security professionals, software vendors and compliance auditors have the ability to access a consistent language for Web security related issues.

Web security vulnerabilities continually impact the critical risk of doing business on the Web. When any Web security vulnerability is identified, performing the attack requires using at least one of several application attack techniques, or class of attack.
The Web Security Threat Classification compiles and distills the known unique classes of attack, which have presented a threat to Web sites in the past. Independent security review methodologies, secure development guidelines, and product/service capability requirements will all benefit from WASC's Web Security Threat Classification.

Founded in January 2004, the Web Application Security Consortium (WASC) is a group of top security experts dedicated to developing and promoting standards of best practice for the World Wide Web.