This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Control template"
Leocavallari (talk | contribs) |
Leocavallari (talk | contribs) (→References) |
||
| Line 67: | Line 67: | ||
In addition, one should classify control based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Control]]</nowiki> | In addition, one should classify control based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Control]]</nowiki> | ||
| + | |||
| + | Availability Control | ||
| + | |||
Authorization Control | Authorization Control | ||
| + | |||
Authentication Control | Authentication Control | ||
| + | |||
| + | Concurrency Control | ||
| + | |||
Configuration Control | Configuration Control | ||
| + | |||
Cryptographic Control | Cryptographic Control | ||
| + | |||
Encoding Control | Encoding Control | ||
| + | |||
Error Handling Control | Error Handling Control | ||
| + | |||
Input Validation Control | Input Validation Control | ||
| + | |||
Logging and Auditing Control | Logging and Auditing Control | ||
| + | |||
Session Management Control | Session Management Control | ||
| − | |||
| − | |||
| − | |||
__NOTOC__ | __NOTOC__ | ||
Revision as of 14:44, 2 May 2008
Every Control should follow this template.
This is a control. To view all control, please see the Control Category page.
Last revision (mm/dd/yy): 05/2/2008
Description
A control (countermeasure or security control) is a protection mechanism that prevents, deters, or detects attacks, or prevents or reduces vulnerabilities.
- Start with a one-sentence description of the control
- How does the countermeasure work?
- What are some examples of implementations of the control (steer clear of specific products)
Risk Factors
- Talk about the factors that this control affects
- What effect does this countermeasure have on the attack or vulnerability?
- Does this control reduce the technical or business impact?
Difficulty to Implement
- Discuss the typical difficulty of implementing this control, emphasizing the factors that make it easier or harder
- Steer clear of language/platform specific information here
Examples
Short example name
- A short example description, small picture, or sample code with links
Short example name
- A short example description, small picture, or sample code with links
Related Attacks
Related Vulnerabilities
Note: the contents of "Related Problems" sections should be placed here
Related Controls
Note: contents of "Avoidance and Mitigation" and "Countermeasure" related Sections should be placed here
References
When the article is reviewed, the "Honeycomb" category ([[Category:OWASP Honeycomb Project]]) SHOULD be replaced with the "ASDR" category.
[[Category:OWASP ASDR Project]]
In addition, one should classify control based on the following subcategories: Ex:[[Category:Error Handling Control]]
Availability Control
Authorization Control
Authentication Control
Concurrency Control
Configuration Control
Cryptographic Control
Encoding Control
Error Handling Control
Input Validation Control
Logging and Auditing Control
Session Management Control
