This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Control template

Revision as of 23:43, 7 April 2009 by KirstenS (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Every Control should follow this template.

This is a control. To view all control, please see the Control Category page.

Last revision (mm/dd/yy): 04/7/2009


A control (countermeasure or security control) is a protection mechanism that prevents, deters, or detects attacks, or prevents or reduces vulnerabilities.

  1. Start with a one-sentence description of the control
  2. How does the countermeasure work?
  3. What are some examples of implementations of the control (steer clear of specific products)

Risk Factors

  • Talk about the factors that this control affects
  • What effect does this countermeasure have on the attack or vulnerability?
  • Does this control reduce the technical or business impact?

Difficulty to Implement

  • Discuss the typical difficulty of implementing this control, emphasizing the factors that make it easier or harder
  • Steer clear of language/platform specific information here


Short example name

A short example description, small picture, or sample code with links

Short example name

A short example description, small picture, or sample code with links

Related Attacks

Related Vulnerabilities

Note: the contents of "Related Problems" sections should be placed here

Related Controls

Note: contents of "Avoidance and Mitigation" and "Countermeasure" related Sections should be placed here


In addition, one should classify control based on the following subcategories: Ex:[[Category:Error Handling Control]]

Availability Control

Authorization Control

Authentication Control

Concurrency Control

Configuration Control

Cryptographic Control

Encoding Control

Error Handling Control

Input Validation Control

Logging and Auditing Control

Session Management Control