This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "Control template"

Jump to: navigation, search
Line 4: Line 4:
[[Category:OWASP ASDR Project]]
[[Category:OWASP ASDR Project]]
[[ASDR Table of Contents]]__TOC__
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''

Latest revision as of 23:43, 7 April 2009

Every Control should follow this template.

This is a control. To view all control, please see the Control Category page.

Last revision (mm/dd/yy): 04/7/2009


A control (countermeasure or security control) is a protection mechanism that prevents, deters, or detects attacks, or prevents or reduces vulnerabilities.

  1. Start with a one-sentence description of the control
  2. How does the countermeasure work?
  3. What are some examples of implementations of the control (steer clear of specific products)

Risk Factors

  • Talk about the factors that this control affects
  • What effect does this countermeasure have on the attack or vulnerability?
  • Does this control reduce the technical or business impact?

Difficulty to Implement

  • Discuss the typical difficulty of implementing this control, emphasizing the factors that make it easier or harder
  • Steer clear of language/platform specific information here


Short example name

A short example description, small picture, or sample code with links

Short example name

A short example description, small picture, or sample code with links

Related Attacks

Related Vulnerabilities

Note: the contents of "Related Problems" sections should be placed here

Related Controls

Note: contents of "Avoidance and Mitigation" and "Countermeasure" related Sections should be placed here


In addition, one should classify control based on the following subcategories: Ex:[[Category:Error Handling Control]]

Availability Control

Authorization Control

Authentication Control

Concurrency Control

Configuration Control

Cryptographic Control

Encoding Control

Error Handling Control

Input Validation Control

Logging and Auditing Control

Session Management Control