This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Countermeasure template"

From OWASP
Jump to: navigation, search
(New page: ==Description== This is the structure of a Countermeasure Article. Sections "Overview", "Abstract", "Discussion", "Required Resources" and "Plataform", if existent, should be properly de...)
 
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
Every '''[[Countermeasure]]''' should follow this template.
 +
 
==Description==
 
==Description==
  
This is the structure of a Countermeasure Article.
+
An countermeasure (or security control) is a protection mechanism that prevents, deters, or detects attacks, or prevents or reduces vulnerabilities.
 +
 
 +
# Start with a one-sentence description of the countermeasure
 +
# How does the countermeasure work?
 +
# What are some examples of implementations of the countermeasure (steer clear of specific products)
 +
 
 +
 
 +
==Risk Factors==
 +
 
 +
* Talk about the [[OWASP Risk Rating Methodology|factors]] that this countermeasure affects
 +
* What effect does this countermeasure have on the attack or vulnerability?
 +
* Does this countermeasure reduce the technical or business impact?
 +
 
  
Sections "Overview", "Abstract", "Discussion", "Required Resources" and "Plataform", if existent, should be properly describe here, without subsections.
+
==Difficulty to Implement==
  
In case of a "Exposure Period" section exists, it should be placed here as a subsection.
+
* Discuss the typical difficulty of implementing this control, emphasizing the factors that make it easier or harder
Ex:<nowiki>===Exposure Period===</nowiki>
+
* Steer clear of language/platform specific information here
  
  
 
==Examples==
 
==Examples==
  
===Example 1===
+
; Short example name
 +
: One paragraph example description with [http://www.site.com links]
  
 +
; Short example name
 +
: One paragraph example description with [http://www.site.com links]
  
===Example n===
 
  
 +
==Related [[Attacks]]==
  
==Difficult to Implement==
+
* [[Attack 1]]
 +
* [[Attack 2]]
  
  
==Technical Impacts==
+
==Related [[Vulnerabilities]]==
  
 +
* [[Vulnerability 1]]
 +
* [[Vulnerabiltiy 2]]
  
==Related Countermeasures==
+
Note: the contents of "Related Problems" sections should be placed here
Contents of "Avoidance and Mitigation" Sections should be placed here
 
  
  
==Related Vulnerabilities==
+
==Related [[Countermeasures]]==
Contents of "Related Problems" sections should be placed here
 
  
 +
* [[Countermeasure 1]]
 +
* [[Countermeasure 2]]
  
==Related Attacks==
+
Note: contents of "Avoidance and Mitigation" Sections should be placed here
  
  
==Related Threats Agents==
+
==References==
  
 +
* http://www.link1.com
 +
* [http://www.link2.com Title for the link]
  
==References==
 
  
 +
When the article is reviewed, the "Honeycomb" category can be removed and replaced with the "ASDR" category
 +
<nowiki>[[Category:OWASP Honeycomb Project]]</nowiki>
 +
<nowiki>[[Category:OWASP ASDR Project]]</nowiki>
  
<nowiki>[[Category:XYZ]]</nowiki>
+
__NOTOC__
<nowiki>[[Category:XPTO]]</nowiki>
 

Latest revision as of 05:04, 13 February 2008

Every Countermeasure should follow this template.

Description

An countermeasure (or security control) is a protection mechanism that prevents, deters, or detects attacks, or prevents or reduces vulnerabilities.

  1. Start with a one-sentence description of the countermeasure
  2. How does the countermeasure work?
  3. What are some examples of implementations of the countermeasure (steer clear of specific products)


Risk Factors

  • Talk about the factors that this countermeasure affects
  • What effect does this countermeasure have on the attack or vulnerability?
  • Does this countermeasure reduce the technical or business impact?


Difficulty to Implement

  • Discuss the typical difficulty of implementing this control, emphasizing the factors that make it easier or harder
  • Steer clear of language/platform specific information here


Examples

Short example name
One paragraph example description with links
Short example name
One paragraph example description with links


Related Attacks


Related Vulnerabilities

Note: the contents of "Related Problems" sections should be placed here


Related Countermeasures

Note: contents of "Avoidance and Mitigation" Sections should be placed here


References


When the article is reviewed, the "Honeycomb" category can be removed and replaced with the "ASDR" category [[Category:OWASP Honeycomb Project]] [[Category:OWASP ASDR Project]]


Retrieved from "https://wiki.owasp.org/index.php?title=Countermeasure_template&oldid=25310"