This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Control template"
Leocavallari (talk | contribs) |
Leocavallari (talk | contribs) |
||
Line 1: | Line 1: | ||
− | |||
− | |||
Every '''[[Control]]''' should follow this template. | Every '''[[Control]]''' should follow this template. | ||
{{Template:Control}} | {{Template:Control}} | ||
+ | |||
+ | Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | ||
==Description== | ==Description== |
Revision as of 14:42, 2 May 2008
Every Control should follow this template.
This is a control. To view all control, please see the Control Category page.
Last revision (mm/dd/yy): 05/2/2008
Description
A control (countermeasure or security control) is a protection mechanism that prevents, deters, or detects attacks, or prevents or reduces vulnerabilities.
- Start with a one-sentence description of the control
- How does the countermeasure work?
- What are some examples of implementations of the control (steer clear of specific products)
Risk Factors
- Talk about the factors that this control affects
- What effect does this countermeasure have on the attack or vulnerability?
- Does this control reduce the technical or business impact?
Difficulty to Implement
- Discuss the typical difficulty of implementing this control, emphasizing the factors that make it easier or harder
- Steer clear of language/platform specific information here
Examples
Short example name
- A short example description, small picture, or sample code with links
Short example name
- A short example description, small picture, or sample code with links
Related Attacks
Related Vulnerabilities
Note: the contents of "Related Problems" sections should be placed here
Related Controls
Note: contents of "Avoidance and Mitigation" and "Countermeasure" related Sections should be placed here
References
When the article is reviewed, the "Honeycomb" category ([[Category:OWASP Honeycomb Project]]) SHOULD be replaced with the "ASDR" category.
[[Category:OWASP ASDR Project]]
In addition, one should classify control based on the following subcategories: Ex:[[Category:Error Handling Control]] Authorization Control Authentication Control Configuration Control Cryptographic Control Encoding Control Error Handling Control Input Validation Control Logging and Auditing Control Session Management Control Concurrency Control Availability Control