This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Countermeasure template"
From OWASP
| Line 1: | Line 1: | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
Every '''[[Countermeasure]]''' should follow this template. | Every '''[[Countermeasure]]''' should follow this template. | ||
Revision as of 04:41, 13 February 2008
Every Countermeasure should follow this template.
Description
An countermeasure (or security control) is a protection mechanism that prevents, deters, or detects attacks, or prevents or reduces vulnerabilities.
- Start with a one-sentence description of the countermeasure
- How does the countermeasure work?
- What are some examples of implementations of the countermeasure (steer clear of specific products)
Risk Factors
- Talk about the factors that this countermeasure affects
- What effect does this countermeasure have on the attack or vulnerability?
- Does this countermeasure reduce the technical or business impact?
Difficulty to Implement
- Discuss the typical difficulty of implementing this control, emphasizing the factors that make it easier or harder
- Steer clear of language/platform specific information here
Examples
- Short example name
- One paragraph example description with links
- Short example name
- One paragraph example description with links
Related Threat Agents
Related Attacks
Related Vulnerabilities
Note: the contents of "Related Problems" sections should be placed here
Related Countermeasures
Note: contents of "Avoidance and Mitigation" Sections should be placed here
References
When the article is reviewed, the "Honeycomb" category can be removed and replaced with the "ASDR" category
[[Category:OWASP Honeycomb Project]]
[[Category:OWASP ASDR Project]]
