This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Control template"
From OWASP
Leocavallari (talk | contribs) (New page: Every '''Control''' should follow this template. ==Description== A control (countermeasure or security control) is a protection mechanism that prevents, deters, or detects attacks, o...) |
Leocavallari (talk | contribs) |
||
| Line 25: | Line 25: | ||
==Examples== | ==Examples== | ||
| − | + | ===Short example name=== | |
| − | : | + | : A short example description, small picture, or sample code with [http://www.site.com links] |
| − | + | ===Short example name=== | |
| − | : | + | : A short example description, small picture, or sample code with [http://www.site.com links] |
| Line 51: | Line 51: | ||
* [[Countermeasure 2]] | * [[Countermeasure 2]] | ||
| − | Note: contents of "Avoidance and Mitigation" Sections should be placed here | + | Note: contents of "Avoidance and Mitigation" and "Countermeasure" related Sections should be placed here |
Revision as of 00:36, 19 February 2008
Every Control should follow this template.
Description
A control (countermeasure or security control) is a protection mechanism that prevents, deters, or detects attacks, or prevents or reduces vulnerabilities.
- Start with a one-sentence description of the control
- How does the countermeasure work?
- What are some examples of implementations of the control (steer clear of specific products)
Risk Factors
- Talk about the factors that this control affects
- What effect does this countermeasure have on the attack or vulnerability?
- Does this control reduce the technical or business impact?
Difficulty to Implement
- Discuss the typical difficulty of implementing this control, emphasizing the factors that make it easier or harder
- Steer clear of language/platform specific information here
Examples
Short example name
- A short example description, small picture, or sample code with links
Short example name
- A short example description, small picture, or sample code with links
Related Attacks
Related Vulnerabilities
Note: the contents of "Related Problems" sections should be placed here
Related Controls
Note: contents of "Avoidance and Mitigation" and "Countermeasure" related Sections should be placed here
References
When the article is reviewed, the "Honeycomb" category SHOULD be removed and replaced with the "ASDR" category
[[Category:OWASP Honeycomb Project]]
[[Category:OWASP ASDR Project]]
