|
|
(5 intermediate revisions by the same user not shown) |
Line 1: |
Line 1: |
− | {{Template:Vulnerability}} | + | {{template:CandidateForDeletion}} |
| | | |
− | {{Template:Stub}}
| + | #REDIRECT [[::Category:Attack]] |
− | | |
− | [[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]] | |
| | | |
| Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | | Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' |
− |
| |
− | [[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
| |
− |
| |
− | [[ASDR Table of Contents]]
| |
− | __TOC__
| |
| | | |
| | | |
| ==Description== | | ==Description== |
| | | |
− | A vulnerability is a weakness in an application (frequently a broken or missing control) that enables an attack to succeed. Be sure you don't put [attacks] or [controls] in this category.
| + | TBD |
− | | |
− | # Start with a one-sentence description of the vulnerability
| |
− | # What is the problem that creates the vulnerability?
| |
− | # What are the attacks that target this vulnerability?
| |
− | # What are the technical impacts of this vulnerability?
| |
| | | |
| | | |
| ==Risk Factors== | | ==Risk Factors== |
| | | |
− | * Talk about the [[OWASP Risk Rating Methodology|factors]] that make this vulnerability likely or unlikely to actually happen
| + | TBD |
− | * Discuss the technical impact of a successful exploit of this vulnerability
| |
− | * Consider the likely [business impacts] of a successful attack
| |
− | | |
| | | |
| ==Examples== | | ==Examples== |
| | | |
− | ===Short example name===
| + | TBD |
− | : A short example description, small picture, or sample code with [http://www.site.com links]
| |
− | | |
− | ===Short example name===
| |
− | : A short example description, small picture, or sample code with [http://www.site.com links]
| |
− | | |
| | | |
| ==Related [[Attacks]]== | | ==Related [[Attacks]]== |
Line 49: |
Line 29: |
| * [[Vulnerability 1]] | | * [[Vulnerability 1]] |
| * [[Vulnerabiltiy 2]] | | * [[Vulnerabiltiy 2]] |
− |
| |
− | Note: the contents of "Related Problems" sections should be placed here
| |
| | | |
| | | |
Line 57: |
Line 35: |
| * [[Control 1]] | | * [[Control 1]] |
| * [[Control 2]] | | * [[Control 2]] |
− |
| |
− | Note: contents of "Avoidance and Mitigation" and "Countermeasure" related Sections should be placed here
| |
| | | |
| | | |
Line 68: |
Line 44: |
| | | |
| ==References== | | ==References== |
− | Note: A reference to related [http://cwe.mitre.org/ CWE] or [http://capec.mitre.org/ CAPEC] article should be added when exists. Eg:
| + | TBD |
− | | |
− | * [http://cwe.mitre.org/data/definitions/79.html CWE 79].
| |
− | * http://www.link1.com
| |
− | * [http://www.link2.com Title for the link2]
| |
− | | |
− | [[Category:FIXME|add links
| |
− | | |
− | In addition, one should classify vulnerability based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Vulnerability]]</nowiki>
| |
− | | |
− | Availability Vulnerability
| |
− | | |
− | Authorization Vulnerability
| |
− | | |
− | Authentication Vulnerability
| |
− | | |
− | Concurrency Vulnerability
| |
− | | |
− | Configuration Vulnerability
| |
− | | |
− | Cryptographic Vulnerability
| |
− | | |
− | Encoding Vulnerability
| |
− | | |
− | Error Handling Vulnerability
| |
− | | |
− | Input Validation Vulnerability
| |
− | | |
− | Logging and Auditing Vulnerability
| |
− | | |
− | Session Management Vulnerability]]
| |
| | | |
| __NOTOC__ | | __NOTOC__ |
− |
| |
− |
| |
− | [[Category:OWASP ASDR Project]]
| |
− | [[Category:General Logic Error Vulnerability]]
| |