This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Control template"
Leocavallari (talk | contribs) |
Leocavallari (talk | contribs) |
||
| Line 2: | Line 2: | ||
Every '''[[Control]]''' should follow this template. | Every '''[[Control]]''' should follow this template. | ||
| + | |||
| + | {{Template:Control}} | ||
==Description== | ==Description== | ||
| Line 61: | Line 63: | ||
| − | When the article is reviewed, the "Honeycomb" category | + | When the article is reviewed, the "Honeycomb" category (<nowiki>[[Category:OWASP Honeycomb Project]]</nowiki>) SHOULD be replaced with the "ASDR" category. |
| − | <nowiki>[[Category:OWASP Honeycomb Project]]</nowiki> | ||
<nowiki>[[Category:OWASP ASDR Project]]</nowiki> | <nowiki>[[Category:OWASP ASDR Project]]</nowiki> | ||
| + | |||
| + | In addition, one should classify control based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Control]]</nowiki> | ||
| + | Authorization Control | ||
| + | Authentication Control | ||
| + | Configuration Control | ||
| + | Cryptographic Control | ||
| + | Encoding Control | ||
| + | Error Handling Control | ||
| + | Input Validation Control | ||
| + | Logging and Auditing Control | ||
| + | Session Management Control | ||
| + | Concurrency Control | ||
| + | Availability Control | ||
| + | |||
__NOTOC__ | __NOTOC__ | ||
Revision as of 14:39, 2 May 2008
Last revision (mm/dd/yy): 05/2/2008
Every Control should follow this template.
This is a control. To view all control, please see the Control Category page.
Description
A control (countermeasure or security control) is a protection mechanism that prevents, deters, or detects attacks, or prevents or reduces vulnerabilities.
- Start with a one-sentence description of the control
- How does the countermeasure work?
- What are some examples of implementations of the control (steer clear of specific products)
Risk Factors
- Talk about the factors that this control affects
- What effect does this countermeasure have on the attack or vulnerability?
- Does this control reduce the technical or business impact?
Difficulty to Implement
- Discuss the typical difficulty of implementing this control, emphasizing the factors that make it easier or harder
- Steer clear of language/platform specific information here
Examples
Short example name
- A short example description, small picture, or sample code with links
Short example name
- A short example description, small picture, or sample code with links
Related Attacks
Related Vulnerabilities
Note: the contents of "Related Problems" sections should be placed here
Related Controls
Note: contents of "Avoidance and Mitigation" and "Countermeasure" related Sections should be placed here
References
When the article is reviewed, the "Honeycomb" category ([[Category:OWASP Honeycomb Project]]) SHOULD be replaced with the "ASDR" category.
[[Category:OWASP ASDR Project]]
In addition, one should classify control based on the following subcategories: Ex:[[Category:Error Handling Control]] Authorization Control Authentication Control Configuration Control Cryptographic Control Encoding Control Error Handling Control Input Validation Control Logging and Auditing Control Session Management Control Concurrency Control Availability Control
