Difference between revisions of "OWASP Categories"

Jump to: navigation, search
(The OWASP Folksonomy Approach to Organizing Application Security)
Line 13: Line 13:
| Related Countermeasures
| Related Countermeasures
| [[:Category:Authentication|Authentication]], [[:Category:Session Management|Session Management]], [[:Category:Access Control|Access Control]], [[:Category:Input Validation|Input Validation]], [[:Category:Error Handling|Error Handling]], [[:Category:Logging|Logging]], [[:Category:Encryption|Encryption]], [[:Category:Quotas|Quotas]]
| [[:Category:Authentication]], [[:Category:Session Management]], [[:Category:Access Control]], [[:Category:Validation]], [[:Category:Encoding]], [[:Category:Error Handling]], [[:Category:Logging|Logging]], [[:Category:Encryption]], [[:Category:Quotas]]
| Likelihood Factors
| Likelihood Factors

Revision as of 20:18, 24 May 2006

The OWASP Folksonomy Approach to Organizing Application Security

There are many different ways of organizing all the different aspects of application security. Attempts to force these topics into a strict taxonomy have failed because there are too many dimensions to the problem. At OWASP, we have adopted the folksonomy tagging approach to solving this problem. We simply tag our articles with a number of different categories. You can use these category to help get different views into the complex, interconnected set of topics that is application security.

Each article is tagged with as many of the following tags as reasonably apply:

Type of Article Principle, Threat, Vulnerability, Countermeasure, Code Snippet, How To, Activity
Level of Abstraction Implementation, Design, Architecture, Business
Related Countermeasures Category:Authentication, Category:Session Management, Category:Access Control, Category:Validation, Category:Encoding, Category:Error Handling, Logging, Category:Encryption, Category:Quotas
Likelihood Factors Attractive, Tools Required, Expertise Required
Business Impact Factors Confidentiality, Integrity, Availability
Application Platforms Java, .NET, PHP, C/C++
Software Lifecycle Activites Planning, Requirements, Architecture, Design, Implementation, Test, Deployment, Operation, Maintenance
Application Security Activites Threat Modeling, Security Architecture, Security Requirements, Secure Coding, Penetration Testing, Code Review, Secure Deployment
Other Application Security Categories Role, Tool