Category:OWASP Honeycomb Project

Revision as of 20:31, 30 July 2006 by OWASP (Talk | contribs)



In the Honeycomb project, OWASP is assembling the most comprehensive and integrated guide ever attempted to the fundamental building blocks of application security (principles, threats, attacks, vulnerabilities, and countermeasures) through collaborative community efforts. You can view the OWASP Honeycomb Project Roadmap to find out what is being worked on and how you can help.

Basic Categories

  • Principles
  • Threats
  • Attacks
  • Vulnerabilities
  • Countermeasures


What are we trying to accomplish?

Our basic assumption is that we will never be able to make progress in application security without some basic building blocks. We've identified principles, threats, vulnerabilities, attacks, and countermeasures as the fundamentals to most application security activities. So we've set out to capture all the common names used in these areas, gather as much information as we can about each, and interlink them in a meaningful way.

The difficulties in organizing this information

Most efforts to organize application security information attempt to force the information into a one-dimensional taxonomy of one sort or another. These efforts (including the OWASP Top Ten) have failed to make the information adequately useful. Attempting to simplify application security into a one-dimensional taxonomy makes the information useless for many critical tasks.

The approach we’ve taken

We've decided to apply the 'folksonomy' approach popularized recently to organize information with many complex relationships. So each of the major types of building blocks has its own 'tag' (called a 'category' in MediaWiki). This organizes the basic types of articles. Then within each article, we have references to other related articles, so that it is possible to explore the information set.

Why the name Honeycomb?

We are trying to use a distributed, self-organizing approach to create something beyond any of the individuals involved. We admire many of the characteristics of the honeycomb and hope that we can produce something useful.

How can the information be used?

We're not sure of all the ways this information might be used. But we're sure that having all the pieces defined and knowing how they fit together will help.

  • Architects may want to use this information when threat modeling their applications. You'll want to identify combinations of threats, attacks, and vulnerabilities that apply to your system. Then you should select appropriate countermeasures and use the principles to help guide design decisions.
  • Developers may want to use this information to learn about different vulnerabilities and to select coding guidelines for their project.
  • Security researchers may want to use this framework to organize their thinking about security and help to ensure completeness.

Volunteers Needed

Our current tactical goals are:

  • Fill in the contents of the stub honeycomb articles (those marked with {{Template:Stub}})
  • Refine the contents and structure of the honeycomb articles
  • Eliminate redundancy in the articles and categories

The following tasks are ready for volunteers:

  • Merge "Buffer overflow", "Buffer Overflow" and related redundant articles
  • Merge "Cross Site Scripting" and "Cross-site_scripting"
  • Merge "SQL Injection" and "SQL injection"

To find out more about how you can help, please go to the OWASP Honeycomb Project Roadmap.


Listed on the pages below are all the articles that are a part of the Honeycomb project. It is interesting to browse, but it is just an unstructured list. All the articles are tagged with various categories that are a part of this project to help you find the article you're looking for.

You can start with:


This category has the following 9 subcategories, out of 9 total.

Pages in category "OWASP Honeycomb Project"

This category contains only the following page.