This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Vulnerability template"
Leocavallari (talk | contribs) |
|||
Line 20: | Line 20: | ||
==Examples== | ==Examples== | ||
− | + | ===Short example name=== | |
− | : | + | : A short example description, small picture, or sample code with [http://www.site.com links] |
− | + | ===Short example name=== | |
− | : | + | : A short example description, small picture, or sample code with [http://www.site.com links] |
Line 56: | Line 56: | ||
==References== | ==References== | ||
+ | Note: A reference to related [http://cwe.mitre.org/ CWE] or [http://capec.mitre.org/ CAPEC] article should be added when exists. Eg: | ||
+ | * [http://cwe.mitre.org/data/definitions/79.html CWE 79]. | ||
* http://www.link1.com | * http://www.link1.com | ||
* [http://www.link2.com Title for the link] | * [http://www.link2.com Title for the link] | ||
− | When the article is reviewed, the "Honeycomb" category | + | When the article is reviewed, the "Honeycomb" category SHOULD be removed and replaced with the "ASDR" category |
<nowiki>[[Category:OWASP Honeycomb Project]]</nowiki> | <nowiki>[[Category:OWASP Honeycomb Project]]</nowiki> | ||
<nowiki>[[Category:OWASP ASDR Project]]</nowiki> | <nowiki>[[Category:OWASP ASDR Project]]</nowiki> | ||
__NOTOC__ | __NOTOC__ |
Revision as of 23:56, 18 February 2008
Every Vulnerability should follow this template.
Description
A vulnerability is a weakness in an application (frequently a broken or missing countermeasure) that enables an attack to succeed. Be sure you don't put [attacks] or [countermeasures] in this category.
- Start with a one-sentence description of the vulnerability
- What is the problem that creates the vulnerability?
- What are the attacks that target this vulnerability?
- What are the technical impacts of this vulnerability?
Risk Factors
- Talk about the factors that make this vulnerability likely or unlikely to actually happen
- Discuss the technical impact of a successful exploit of this vulnerability
- Consider the likely [business impacts] of a successful attack
Examples
Short example name
- A short example description, small picture, or sample code with links
Short example name
- A short example description, small picture, or sample code with links
Related Attacks
Related Vulnerabilities
Note: the contents of "Related Problems" sections should be placed here
Related Countermeasures
Note: contents of "Avoidance and Mitigation" Sections should be placed here
Related Technical Impacts
References
Note: A reference to related CWE or CAPEC article should be added when exists. Eg:
When the article is reviewed, the "Honeycomb" category SHOULD be removed and replaced with the "ASDR" category
[[Category:OWASP Honeycomb Project]]
[[Category:OWASP ASDR Project]]