This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Control template"

From OWASP
Jump to: navigation, search
 
(7 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
Every '''[[Control]]''' should follow this template.
 
Every '''[[Control]]''' should follow this template.
 +
 +
{{Template:Control}}
 +
<br>
 +
[[Category:OWASP ASDR Project]]
 +
__TOC__
 +
 +
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
  
 
==Description==
 
==Description==
Line 48: Line 55:
 
==Related [[Controls]]==
 
==Related [[Controls]]==
  
* [[Countermeasure 1]]
+
* [[Control 1]]
* [[Countermeasure 2]]
+
* [[Control 2]]
  
 
Note: contents of "Avoidance and Mitigation" and "Countermeasure" related Sections should be placed here
 
Note: contents of "Avoidance and Mitigation" and "Countermeasure" related Sections should be placed here
 
  
 
==References==
 
==References==
  
 
* http://www.link1.com
 
* http://www.link1.com
* [http://www.link2.com Title for the link]
+
* [http://www.link2.com Title for the link2]
 +
 
 +
 
 +
In addition, one should classify control based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Control]]</nowiki>
 +
 
 +
Availability Control
 +
 
 +
Authorization Control
 +
 
 +
Authentication Control
 +
 
 +
Concurrency Control
 +
 
 +
Configuration Control
 +
 
 +
Cryptographic Control
 +
 
 +
Encoding Control
 +
 
 +
Error Handling Control
 +
 
 +
Input Validation Control
  
 +
Logging and Auditing Control
  
When the article is reviewed, the "Honeycomb" category SHOULD be removed and replaced with the "ASDR" category
+
Session Management Control
<nowiki>[[Category:OWASP Honeycomb Project]]</nowiki>
 
<nowiki>[[Category:OWASP ASDR Project]]</nowiki>
 
  
 
__NOTOC__
 
__NOTOC__

Latest revision as of 23:43, 7 April 2009

Every Control should follow this template.


This is a control. To view all control, please see the Control Category page.

Last revision (mm/dd/yy): 04/7/2009

Description

A control (countermeasure or security control) is a protection mechanism that prevents, deters, or detects attacks, or prevents or reduces vulnerabilities.

  1. Start with a one-sentence description of the control
  2. How does the countermeasure work?
  3. What are some examples of implementations of the control (steer clear of specific products)


Risk Factors

  • Talk about the factors that this control affects
  • What effect does this countermeasure have on the attack or vulnerability?
  • Does this control reduce the technical or business impact?


Difficulty to Implement

  • Discuss the typical difficulty of implementing this control, emphasizing the factors that make it easier or harder
  • Steer clear of language/platform specific information here


Examples

Short example name

A short example description, small picture, or sample code with links

Short example name

A short example description, small picture, or sample code with links


Related Attacks


Related Vulnerabilities

Note: the contents of "Related Problems" sections should be placed here


Related Controls

Note: contents of "Avoidance and Mitigation" and "Countermeasure" related Sections should be placed here

References


In addition, one should classify control based on the following subcategories: Ex:[[Category:Error Handling Control]]

Availability Control

Authorization Control

Authentication Control

Concurrency Control

Configuration Control

Cryptographic Control

Encoding Control

Error Handling Control

Input Validation Control

Logging and Auditing Control

Session Management Control


Retrieved from "https://wiki.owasp.org/index.php?title=Control_template&oldid=58458"