EasyAudit WEB completely covers all 26 classes of the WASC Threat Classification Version 1, and EasyAudit NET has good coverage of Web issues, even though it is targeted at network security.

Section  Item  Class no.  Threat class                        Covered by

1 Authentication
1        1     1          Brute Force                         EasyAudit WEB, EasyAudit NET
1        2     2          Insufficient Authentication         EasyAudit WEB, EasyAudit NET
1        3     3          Weak Password Recovery Validation   EasyAudit WEB, EasyAudit NET

2 Authorization
2        1     4          Credential/Session Prediction       EasyAudit WEB, EasyAudit NET
2        3     5          Insufficient Authorization          EasyAudit WEB, EasyAudit NET
2        4     6          Insufficient Session Expiration     EasyAudit WEB, EasyAudit NET
2        5     7          Session Fixation                    EasyAudit WEB, EasyAudit NET

3 Client-side Attacks
3        1     8          Content Spoofing                    EasyAudit WEB, EasyAudit NET
3        2     9          Cross-site Scripting                EasyAudit WEB, EasyAudit NET

4 Command Execution
4        1     10         Buffer Overflow                     EasyAudit WEB, EasyAudit NET
4        2     11         Format String Attack                EasyAudit WEB, EasyAudit NET
4        3     12         LDAP Injection                      EasyAudit WEB, EasyAudit NET
4        4     13         OS Commanding                       EasyAudit WEB, EasyAudit NET
4        5     14         SQL Injection                       EasyAudit WEB, EasyAudit NET
4        6     15         SSI Injection                       EasyAudit WEB, EasyAudit NET
4        7     16         XPath Injection                     EasyAudit WEB, EasyAudit NET

5 Information Disclosure
5        1     17         Directory Indexing                  EasyAudit WEB, EasyAudit NET
5        2     18         Information Leakage                 EasyAudit WEB, EasyAudit NET
5        3     19         Path Traversal                      EasyAudit WEB, EasyAudit NET
5        4     20         Predictable Resource Location       EasyAudit WEB, EasyAudit NET

6 Logical Attacks
6        1     21         Abuse of Functionality              EasyAudit WEB, EasyAudit NET
6        2     22         Denial of Service                   EasyAudit WEB, EasyAudit NET
6        3     23         Insufficient Anti-automation        EasyAudit WEB, EasyAudit NET
6        4     24         Insufficient Process Validation     EasyAudit WEB, EasyAudit NET

6 Appendix
6        1     25         HTTP Response Splitting             EasyAudit WEB, EasyAudit NET
6        1     26         Application Fingerprinting          EasyAudit WEB, EasyAudit NET

Download the unmodified WASC TC v1.0 PDF