This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Countermeasure template"
From OWASP
| (One intermediate revision by the same user not shown) | |||
| Line 21: | Line 21: | ||
* Discuss the typical difficulty of implementing this control, emphasizing the factors that make it easier or harder | * Discuss the typical difficulty of implementing this control, emphasizing the factors that make it easier or harder | ||
* Steer clear of language/platform specific information here | * Steer clear of language/platform specific information here | ||
| + | |||
==Examples== | ==Examples== | ||
| Line 29: | Line 30: | ||
; Short example name | ; Short example name | ||
: One paragraph example description with [http://www.site.com links] | : One paragraph example description with [http://www.site.com links] | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
Latest revision as of 05:04, 13 February 2008
Every Countermeasure should follow this template.
Description
An countermeasure (or security control) is a protection mechanism that prevents, deters, or detects attacks, or prevents or reduces vulnerabilities.
- Start with a one-sentence description of the countermeasure
- How does the countermeasure work?
- What are some examples of implementations of the countermeasure (steer clear of specific products)
Risk Factors
- Talk about the factors that this countermeasure affects
- What effect does this countermeasure have on the attack or vulnerability?
- Does this countermeasure reduce the technical or business impact?
Difficulty to Implement
- Discuss the typical difficulty of implementing this control, emphasizing the factors that make it easier or harder
- Steer clear of language/platform specific information here
Examples
- Short example name
- One paragraph example description with links
- Short example name
- One paragraph example description with links
Related Attacks
Related Vulnerabilities
Note: the contents of "Related Problems" sections should be placed here
Related Countermeasures
Note: contents of "Avoidance and Mitigation" Sections should be placed here
References
When the article is reviewed, the "Honeycomb" category can be removed and replaced with the "ASDR" category
[[Category:OWASP Honeycomb Project]]
[[Category:OWASP ASDR Project]]
