WASC TC v1.0 Classes List

EasyAudit WEB completely cover all the 26 WASC Threat Classification Version 1 Classes and EasyAudit NET have a good coverage of Web issues, even if it’s targeted to network security.

WASC TC v1.0 Classes List View

1. Authentication
   1. Brute Force
   2. Insufficient Authentication
   3. Weak Password Recovery Validation
2. Authorization
   1. Credential/Session Prediction
   2. Insufficient Authorization
   3. Insufficient Session Expiration
   4. Session Fixation
3. Client-Side Attacks
   1. Content Spoofing
   2. Cross Site Scripting (also known as XSS)
   3. HTTP Response Splitting (contained in Appendix)
4. Command Execution
   1. Buffer Overflow
   2. Format String Attack
   3. LDAP Injection
   4. OS Commanding
   5. SQL Injection
   6. SSI Injection
   7. XPath Injection
5. Information Disclosure
   1. Directory Indexing
   2. Information Leakage
   3. Path Traversal
   4. Predictable Resource Location
   5. Application Fingerprinting (contained in Appendix)
6. Logical Attacks
   1. Abuse of Functionality
   2. Denial of Service
   3. Insufficient Anti-Automation
   4. Insufficient Process Validation

Back to the Coverage Chart

Download the unmodified WASC TC v1.0 PDF