Friday, July 30, 2004

Web threat taxonomy published

The Web Application Security Consortium has published a new taxonomy of web security threats. It's 87 pages long and contains detailed descriptions, examples and references for over 20 types of attacks. Is it rocket science? No. Is it useful? Maybe, but only if enough people actually read it and start referencing it.

A taxonomy is a good thing, in my opinion. I need to read it in more detail before I can say whether I'll be using it on a daily basis, though.

joatBlog mentions that there might be a trust issue with using a copyrighted taxonomy, but I've read the OpenContent license this document uses, and it seems quite reasonable and very Open Source-like.

