Difference between revisions of "Countermeasure template"
Leocavallari (talk | contribs) (New page: ==Description== This is the structure of a Countermeasure Article. Sections "Overview", "Abstract", "Discussion", "Required Resources" and "Platform", if existent, should be properly de...) |
Line 19: | Line 19: | ||
==Difficult to Implement== | ==Difficult to Implement== | ||
+ | Every '''[[Countermeasure]]''' should follow this template. | ||
− | == | + | ==Description== |
+ | An countermeasure (or security control) is a protection mechanism that prevents, deters, or detects attacks, or prevents or reduces vulnerabilities. | ||
− | + | # Start with a one-sentence description of the countermeasure | |
− | + | # How does the countermeasure work? | |
+ | # What are some examples of implementations of the countermeasure (steer clear of specific products) | ||
− | == | + | ==Risk Factors== |
− | |||
+ | * Talk about the [[OWASP Risk Rating Methodology|factors]] that this countermeasure affects | ||
+ | * What effect does this countermeasure have on the attack or vulnerability? | ||
+ | * Does this countermeasure reduce the technical or business impact? | ||
− | |||
+ | ==Difficulty to Implement== | ||
− | ==Related | + | * Discuss the typical difficulty of implementing this control, emphasizing the factors that make it easier or harder |
+ | * Steer clear of language/platform specific information here | ||
+ | |||
+ | ==Examples== | ||
+ | |||
+ | ; Short example name | ||
+ | : One paragraph example description with [http://www.site.com links] | ||
+ | |||
+ | ; Short example name | ||
+ | : One paragraph example description with [http://www.site.com links] | ||
+ | |||
+ | |||
+ | ==Related [[Threat Agents]]== | ||
+ | |||
+ | * [[Threat Agent 1]] | ||
+ | * [[Threat Agent 2]] | ||
+ | |||
+ | |||
+ | ==Related [[Attacks]]== | ||
+ | |||
+ | * [[Attack 1]] | ||
+ | * [[Attack 2]] | ||
+ | |||
+ | |||
+ | ==Related [[Vulnerabilities]]== | ||
+ | |||
+ | * [[Vulnerability 1]] | ||
+ | * [[Vulnerabiltiy 2]] | ||
+ | |||
+ | Note: the contents of "Related Problems" sections should be placed here | ||
+ | |||
+ | |||
+ | ==Related [[Countermeasures]]== | ||
+ | |||
+ | * [[Countermeasure 1]] | ||
+ | * [[Countermeasure 2]] | ||
+ | |||
+ | Note: contents of "Avoidance and Mitigation" Sections should be placed here | ||
==References== | ==References== | ||
+ | * http://www.link1.com | ||
+ | * [http://www.link2.com Title for the link] | ||
+ | |||
+ | |||
+ | When the article is reviewed, the "Honeycomb" category can be removed and replaced with the "ASDR" category | ||
+ | <nowiki>[[Category:OWASP Honeycomb Project]]</nowiki> | ||
+ | <nowiki>[[Category:OWASP ASDR Project]]</nowiki> | ||
− | + | __NOTOC__ | |
− |
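Review bot: the unchanged context heading ==Difficult to Implement== at line 19 is left directly above the added sentence "Every Countermeasure should follow this template.", so the new template body begins under an old section heading and the page ends up with both "Difficult to Implement" and the added ==Difficulty to Implement==; remove or rename the old heading so that each section appears once. In the added lines, "An countermeasure" should read "A countermeasure", and the link target [[Vulnerabiltiy 2]] is misspelled. The two "Note:" lines mention "Related Problems" and "Avoidance and Mitigation" sections without saying where those sections come from; a short pointer to the older article layout would help contributors who are migrating content.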
Revision as of 04:41, 13 February 2008
Description
This is the structure of a Countermeasure Article.
Sections "Overview", "Abstract", "Discussion", "Required Resources" and "Platform", if existent, should be properly described here, without subsections.
If an "Exposure Period" section exists, it should be placed here as a subsection. Ex: ===Exposure Period===
Examples
Example 1
Example n
Difficult to Implement
Every Countermeasure should follow this template.
Description
A countermeasure (or security control) is a protection mechanism that prevents, deters, or detects attacks, or prevents or reduces vulnerabilities.
- Start with a one-sentence description of the countermeasure
- How does the countermeasure work?
- What are some examples of implementations of the countermeasure (steer clear of specific products)
Risk Factors
- Talk about the factors that this countermeasure affects
- What effect does this countermeasure have on the attack or vulnerability?
- Does this countermeasure reduce the technical or business impact?
Difficulty to Implement
- Discuss the typical difficulty of implementing this control, emphasizing the factors that make it easier or harder
- Steer clear of language/platform specific information here
Examples
- Short example name
- One paragraph example description with links
- Short example name
- One paragraph example description with links
Related Threat Agents
Related Attacks
Related Vulnerabilities
Note: the contents of "Related Problems" sections should be placed here
Related Countermeasures
Note: contents of "Avoidance and Mitigation" Sections should be placed here
References
When the article is reviewed, the "Honeycomb" category can be removed and replaced with the "ASDR" category
[[Category:OWASP Honeycomb Project]]
[[Category:OWASP ASDR Project]]