Difference between revisions of "OWASP Categories"

From OWASP
Jump to: navigation, search
(The OWASP Folksonomy Approach to Organizing Application Security)
(The OWASP Folksonomy Approach to Organizing Application Security)
Line 7: Line 7:
 
{| border="1" cellspacing="0" cellpadding="5" align="center"
 
{| border="1" cellspacing="0" cellpadding="5" align="center"
 
| Type of Article
 
| Type of Article
| [[:Category:Principle|Principle]], [[:Category:Threat|Threat]], [[:Category:Vulnerability|Vulnerability]], [[:Category:Countermeasure|Countermeasure]], [[:Category:Code Snippet|Code Snippet]], [[:Category:How To|How To]], [[:Category:Activity|Activity]]
+
| [[:Category:Principle]], [[:Category:Threat]], [[:Category:Attack]], [[:Category:Vulnerability]], [[:Category:Countermeasure]], [[:Category:Code Snippet]], [[:Category:How To]], [[:Category:Activity]]
 
|-  
 
|-  
 
| Level of Abstraction
 
| Level of Abstraction
| [[:Category:Implementation|Implementation]], [[:Category:Design|Design]], [[:Category:Architecture|Architecture]], [[:Category:Business|Business]]
+
| [[:Category:Implementation]], [[:Category:Design]], [[:Category:Architecture]], [[:Category:Business]]
 
|-  
 
|-  
 
| Related Countermeasures
 
| Related Countermeasures
| [[:Category:Authentication]], [[:Category:Session Management]], [[:Category:Access Control]], [[:Category:Validation]], [[:Category:Encoding]], [[:Category:Error Handling]], [[:Category:Logging|Logging]], [[:Category:Encryption]], [[:Category:Quotas]]
+
| [[:Category:Authentication]], [[:Category:Session Management]], [[:Category:Access Control]], [[:Category:Validation]], [[:Category:Encoding]], [[:Category:Error Handling]], [[:Category:Logging]], [[:Category:Encryption]], [[:Category:Quotas]]
 
|-  
 
|-  
 
| Likelihood Factors
 
| Likelihood Factors
Line 19: Line 19:
 
|-  
 
|-  
 
| Business Impact Factors
 
| Business Impact Factors
| [[:Category:Confidentiality|Confidentiality]], [[:Category:Integrity|Integrity]], [[:Category:Availability|Availability]]
+
| [[:Category:Confidentiality]], [[:Category:Integrity|Integrity]], [[:Category:Availability|Availability]]
 
|-  
 
|-  
 
| Application Platforms
 
| Application Platforms
| [[:Category:Java|Java]], [[:Category:.NET|.NET]], [[:Category:PHP|PHP]], [[:Category:C|C/C++]]
+
| [[:Category:Java]], [[:Category:.NET]], [[:Category:PHP]], [[:Category:C|C/C++]]
 
|-  
 
|-  
 
| Software Lifecycle Activites
 
| Software Lifecycle Activites
| [[:Category:Planning|Planning]], [[:Category:Requirements|Requirements]], [[:Category:Architecture|Architecture]], [[:Category:Design|Design]], [[:Category:Implementation|Implementation]], [[:Category:Test|Test]],  [[:Category:Deployment|Deployment]], [[:Category:Operation|Operation]], [[:Category:Maintenance|Maintenance]]
+
| [[:Category:Planning]], [[:Category:Requirements|Requirements]], [[:Category:Architecture]], [[:Category:Design]], [[:Category:Implementation]], [[:Category:Test]],  [[:Category:Deployment]], [[:Category:Operation]], [[:Category:Maintenance|Maintenance]]
 
|-  
 
|-  
 
| Application Security Activites
 
| Application Security Activites
| [[:Category:Threat Modeling|Threat Modeling]], [[:Category:Security Architecture|Security Architecture]], [[:Category:Security Requirements|Security Requirements]], [[:Category:Secure Coding|Secure Coding]], [[:Category:Penetration Testing|Penetration Testing]], [[:Category:Code Review|Code Review]], [[:Category:Secure Deployment|Secure Deployment]]
+
| [[:Category:Threat Modeling]], [[:Category:Security Architecture]], [[:Category:Security Requirements]], [[:Category:Secure Coding]], [[:Category:Penetration Testing]], [[:Category:Code Review]], [[:Category:Secure Deployment]]
 
|-  
 
|-  
 
| Other Application Security Categories
 
| Other Application Security Categories
| [[:Category:Role|Role]], [[:Category:Tool|Tool]]
+
| [[:Category:Role]], [[:Category:Tool]]
 
|}
 
|}

Revision as of 08:43, 26 May 2006

The OWASP Folksonomy Approach to Organizing Application Security

There are many different ways of organizing all the different aspects of application security. Attempts to force these topics into a strict taxonomy have failed because there are too many dimensions to the problem. At OWASP, we have adopted the folksonomy tagging approach to solving this problem. We simply tag our articles with a number of different categories. You can use these category to help get different views into the complex, interconnected set of topics that is application security.

Each article is tagged with as many of the following tags as reasonably apply:

Type of Article Category:Principle, Category:Threat, Category:Attack, Category:Vulnerability, Category:Countermeasure, Category:Code Snippet, Category:How To, Category:Activity
Level of Abstraction Category:Implementation, Category:Design, Category:Architecture, Category:Business
Related Countermeasures Category:Authentication, Category:Session Management, Category:Access Control, Category:Validation, Category:Encoding, Category:Error Handling, Category:Logging, Category:Encryption, Category:Quotas
Likelihood Factors Category:Attractiveness, Category:Tools Required, Category:Expertise Required
Business Impact Factors Category:Confidentiality, Integrity, Availability
Application Platforms Category:Java, Category:.NET, Category:PHP, C/C++
Software Lifecycle Activites Category:Planning, Requirements, Category:Architecture, Category:Design, Category:Implementation, Category:Test, Category:Deployment, Category:Operation, Maintenance
Application Security Activites Category:Threat Modeling, Category:Security Architecture, Category:Security Requirements, Category:Secure Coding, Category:Penetration Testing, Category:Code Review, Category:Secure Deployment
Other Application Security Categories Category:Role, Category:Tool