Web Application Security Consortium (WASC)
The Web Application Security Consortium (WASC) is a not-for-profit organization that focuses on improving web application security by providing guidelines, tools, and best practices. It is particularly useful for web application security professionals and developers.
WASC was founded in 2002 with the goal of creating a unified set of standards for web application security. Since then, it has grown to be an internationally recognized organization, with members from around the globe. WASC is governed by a board of directors, who are elected by the members of the organization.
One of the key strengths of WASC is that it provides a set of guidelines and best practices that are based on real-world experience. These guidelines are created by experts in the field and are continuously updated to stay current with the latest threats and vulnerabilities. Additionally, WASC provides a variety of tools, such as the Threat Classification Framework, that can be used to identify and prioritize vulnerabilities in web applications.
One of the main weaknesses of WASC is that it is primarily focused on web application security, which is just one aspect of cyber risk management. Organizations that use WASC will need to supplement it with other frameworks and tools to address other types of cyber risks.
WASC is used by organizations of all sizes, from small businesses to large enterprises. It is particularly useful for organizations that have web applications and need to ensure that they are secure. It is also used by web application security professionals, developers, and penetration testers to identify and remediate vulnerabilities in web applications.
In conclusion, WASC is a valuable tool for organizations that need to improve their web application security. It provides guidelines, tools, and best practices based on real-world experience, and is continuously updated to stay current with the latest threats and vulnerabilities. While it primarily focuses on web application security, organizations must supplement it with other frameworks and tools to address other types of cyber risks.
Find out more here: http://projects.webappsec.org/
WASC framework is just one of the frameworks we use to report vulnerabilities in the CyberTzar platform we also use MITRE ATT&CK Framework, OWASP ZAP Top 10 Framework, Common Weakness Enumeration (CWE) and NIST Cybersecurity Framework (CSF)