This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Access control"
m |
|||
| Line 4: | Line 4: | ||
{{Stub}} | {{Stub}} | ||
| + | {{Template:Control}} | ||
| + | |||
| + | Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | ||
| + | |||
| + | ==Description== | ||
| + | |||
| + | A control (countermeasure or security control) is a protection mechanism that prevents, deters, or detects attacks, or prevents or reduces vulnerabilities. | ||
| + | |||
| + | # Start with a one-sentence description of the control | ||
| + | # How does the countermeasure work? | ||
| + | # What are some examples of implementations of the control (steer clear of specific products) | ||
| + | |||
| + | |||
| + | ==Risk Factors== | ||
| + | |||
| + | * Talk about the [[OWASP Risk Rating Methodology|factors]] that this control affects | ||
| + | * What effect does this countermeasure have on the attack or vulnerability? | ||
| + | * Does this control reduce the technical or business impact? | ||
| + | |||
| + | |||
| + | ==Difficulty to Implement== | ||
| + | |||
| + | * Discuss the typical difficulty of implementing this control, emphasizing the factors that make it easier or harder | ||
| + | * Steer clear of language/platform specific information here | ||
| + | |||
| + | |||
| + | ==Examples== | ||
| + | |||
| + | ===Short example name=== | ||
| + | : A short example description, small picture, or sample code with [http://www.site.com links] | ||
| + | |||
| + | ===Short example name=== | ||
| + | : A short example description, small picture, or sample code with [http://www.site.com links] | ||
| + | |||
| + | |||
| + | ==Related [[Attacks]]== | ||
| + | |||
| + | * [[Attack 1]] | ||
| + | * [[Attack 2]] | ||
| + | |||
| + | |||
| + | ==Related [[Vulnerabilities]]== | ||
| + | |||
| + | * [[Vulnerability 1]] | ||
| + | * [[Vulnerabiltiy 2]] | ||
| + | |||
| + | Note: the contents of "Related Problems" sections should be placed here | ||
| + | |||
| + | |||
| + | ==Related [[Controls]]== | ||
| + | |||
| + | * [[Control 1]] | ||
| + | * [[Control 2]] | ||
| + | |||
| + | Note: contents of "Avoidance and Mitigation" and "Countermeasure" related Sections should be placed here | ||
| + | |||
| + | ==References== | ||
| + | |||
| + | * http://www.link1.com | ||
| + | * [http://www.link2.com Title for the link2] | ||
| + | |||
| + | |||
| + | In addition, one should classify control based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Control]]</nowiki> | ||
| + | |||
| + | Availability Control | ||
| + | |||
| + | Authorization Control | ||
| + | |||
| + | Authentication Control | ||
| + | |||
| + | Concurrency Control | ||
| + | |||
| + | Configuration Control | ||
| + | |||
| + | Cryptographic Control | ||
| + | |||
| + | Encoding Control | ||
| + | |||
| + | Error Handling Control | ||
| + | |||
| + | Input Validation Control | ||
| + | |||
| + | Logging and Auditing Control | ||
| + | |||
| + | Session Management Control | ||
| + | |||
| + | __NOTOC__ | ||
Revision as of 11:31, 20 September 2008
This is a control. To view all control, please see the Control Category page.
Check Broken Access Control for contents.
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
This is a control. To view all control, please see the Control Category page.
Last revision (mm/dd/yy): 09/20/2008
Description
A control (countermeasure or security control) is a protection mechanism that prevents, deters, or detects attacks, or prevents or reduces vulnerabilities.
- Start with a one-sentence description of the control
- How does the countermeasure work?
- What are some examples of implementations of the control (steer clear of specific products)
Risk Factors
- Talk about the factors that this control affects
- What effect does this countermeasure have on the attack or vulnerability?
- Does this control reduce the technical or business impact?
Difficulty to Implement
- Discuss the typical difficulty of implementing this control, emphasizing the factors that make it easier or harder
- Steer clear of language/platform specific information here
Examples
Short example name
- A short example description, small picture, or sample code with links
Short example name
- A short example description, small picture, or sample code with links
Related Attacks
Related Vulnerabilities
Note: the contents of "Related Problems" sections should be placed here
Related Controls
Note: contents of "Avoidance and Mitigation" and "Countermeasure" related Sections should be placed here
References
In addition, one should classify control based on the following subcategories: Ex:[[Category:Error Handling Control]]
Availability Control
Authorization Control
Authentication Control
Concurrency Control
Configuration Control
Cryptographic Control
Encoding Control
Error Handling Control
Input Validation Control
Logging and Auditing Control
Session Management Control
