This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Categories"
From OWASP
m (Reverted edits by Jenjava1762 (talk) to last revision by Jtorradogal) |
|||
| (8 intermediate revisions by 5 users not shown) | |||
| Line 1: | Line 1: | ||
==The OWASP Folksonomy Approach to Organizing Application Security== | ==The OWASP Folksonomy Approach to Organizing Application Security== | ||
| − | There are many different ways of organizing all the different aspects of application security. [[Application security taxonomies|Attempts]] to force these topics into a strict taxonomy have failed because there are too many dimensions to the problem. At OWASP, we have adopted the [http://en.wikipedia.org/wiki/Folksonomy folksonomy] tagging approach to solving this problem. We simply tag our articles with a number of different categories. You can use these category to help get different views into the complex, interconnected set of topics that is application security. | + | There are many different ways of organizing all the different aspects of application security. [[Application security taxonomies|Attempts]] to force these topics into a strict taxonomy have failed because there are too many dimensions to the problem. Organizing the information by a single factor -- the type of programming flaw, for example -- confuses and eliminates all the useful information from the other dimensions. |
| + | |||
| + | At OWASP, we have adopted the [http://en.wikipedia.org/wiki/Folksonomy folksonomy] tagging approach to solving this problem. We simply tag our articles with a number of different categories. You can use these category to help get different views into the complex, interconnected set of topics that is application security. | ||
Each article is tagged with as many of the following tags as reasonably apply: | Each article is tagged with as many of the following tags as reasonably apply: | ||
| Line 12: | Line 14: | ||
| [[:Category:Implementation|Implementation]], [[:Category:Design|Design]], [[:Category:Architecture|Architecture]], [[:Category:Business|Business]] | | [[:Category:Implementation|Implementation]], [[:Category:Design|Design]], [[:Category:Architecture|Architecture]], [[:Category:Business|Business]] | ||
|- | |- | ||
| − | | | + | | Countermeasures |
| [[:Category:Authentication|Authentication]], [[:Category:Session Management|Session Management]], [[:Category:Access Control|Access Control]], [[:Category:Validation|Validation]], [[:Category:Encoding|Encoding]], [[:Category:Error Handling|Error Handling]], [[:Category:Logging|Logging]], [[:Category:Encryption|Encryption]], [[:Category:Quotas|Quotas]] | | [[:Category:Authentication|Authentication]], [[:Category:Session Management|Session Management]], [[:Category:Access Control|Access Control]], [[:Category:Validation|Validation]], [[:Category:Encoding|Encoding]], [[:Category:Error Handling|Error Handling]], [[:Category:Logging|Logging]], [[:Category:Encryption|Encryption]], [[:Category:Quotas|Quotas]] | ||
|- | |- | ||
| Line 19: | Line 21: | ||
|- | |- | ||
| Business Impact Factors | | Business Impact Factors | ||
| − | | [[:Category:Confidentiality|Confidentiality]], [[:Category:Integrity|Integrity]], [[:Category:Availability|Availability]], [[:Category:Accountability|Accountability]] | + | | [[:Category:Confidentiality|Confidentiality]], [[:Category:Integrity|Integrity]], [[:Category:Availability|Availability]], [[:Category:Accountability|Accountability]], [[:Category:Non-Repudiation|Non-Repudiation]] |
|- | |- | ||
| Application Platforms | | Application Platforms | ||
Latest revision as of 03:32, 1 February 2016
The OWASP Folksonomy Approach to Organizing Application Security
There are many different ways of organizing all the different aspects of application security. Attempts to force these topics into a strict taxonomy have failed because there are too many dimensions to the problem. Organizing the information by a single factor -- the type of programming flaw, for example -- confuses and eliminates all the useful information from the other dimensions.
At OWASP, we have adopted the folksonomy tagging approach to solving this problem. We simply tag our articles with a number of different categories. You can use these category to help get different views into the complex, interconnected set of topics that is application security.
Each article is tagged with as many of the following tags as reasonably apply:
| Type of Article | Principle, Threat, Attack, Vulnerability, Countermeasure, Code Snippet, How To, Activity |
| Level of Abstraction | Implementation, Design, Architecture, Business |
| Countermeasures | Authentication, Session Management, Access Control, Validation, Encoding, Error Handling, Logging, Encryption, Quotas |
| Likelihood Factors | Attractiveness, Tools Required, Expertise Required |
| Business Impact Factors | Confidentiality, Integrity, Availability, Accountability, Non-Repudiation |
| Application Platforms | Java, .NET, PHP, C/C++ |
| Software Lifecycle Activites | Planning, Requirements, Architecture, Design, Implementation, Test, Deployment, Operation, Maintenance |
| Application Security Activites | Threat Modeling, Security Architecture, Security Requirements, Secure Coding, Penetration Testing, Code Review, Secure Deployment |
| Vulnerability Analysis Technique | Vulnerability Scanning, Penetration Testing, Static Analysis, Code Review |
| Other Application Security Categories | Role, Tool |
