WASC TC v1.0 Classes Coverage

EasyAudit WEB completely cover all the 26 WASC Threat Classification Version 1 Classes and EasyAudit NET have a good coverage of Web issues, even if it’s targeted to network security.

1			Authentication
1	1	1	Brute Force	EasyAudit WEB EasyAudit NET
1	2	2	Insufficient Authentication	EasyAudit WEB EasyAudit NET
1	3	3	Weak Password Recovery Validation	EasyAudit WEB EasyAudit NET
2			Authorization
2	1	4	Credential/Session Prediction	EasyAudit WEB EasyAudit NET
2	3	5	Insufficient Authorization	EasyAudit WEB EasyAudit NET
2	4	6	Insufficient Session Expiration	EasyAudit WEB EasyAudit NET
2	5	7	Session Fixation	EasyAudit WEB EasyAudit NET
3			Client-side Attacks
3	1	8	Content Spoofing	EasyAudit WEB EasyAudit NET
3	2	9	Cross-site Scripting	EasyAudit WEB EasyAudit NET
4			Command Execution
4	1	10	Buffer Overflow	EasyAudit WEB EasyAudit NET
4	2	11	Format String Attack	EasyAudit WEB EasyAudit NET
4	3	12	LDAP Injection	EasyAudit WEB EasyAudit NET
4	4	13	OS Commanding	EasyAudit WEB EasyAudit NET
4	5	14	SQL Injection	EasyAudit WEB EasyAudit NET
4	6	15	SSI Injection	EasyAudit WEB EasyAudit NET
4	7	16	XPath Injection	EasyAudit WEB EasyAudit NET
5			Information Disclosure
5	1	17	Directory Indexing	EasyAudit WEB EasyAudit NET
5	2	18	Information Leakage	EasyAudit WEB EasyAudit NET
5	3	19	Path Traversal	EasyAudit WEB EasyAudit NET
5	4	20	Predictable Resource Location	EasyAudit WEB EasyAudit NET
6			Logical Attacks
6	1	21	Abuse of Functionality	EasyAudit WEB EasyAudit NET
6	2	22	Denial of Service	EasyAudit WEB EasyAudit NET
6	3	23	Insufficient Anti-automation	EasyAudit WEB EasyAudit NET
6	4	24	Insufficient Process Validation	EasyAudit WEB EasyAudit NET
6			Appendix
6	1	25	HTTP Response Splitting	EasyAudit WEB EasyAudit NET
6	1	26	Application Fingerprinting	EasyAudit WEB EasyAudit NET

Go to the List View

Download the unmodified WASC TC v1.0 PDF