We're nearing the completion of the WASC Threat Classification v2 (2 sections left!) and have added the following new sections since my last couple of posts.
We've also heavily updated the following sections
- Buffer Overflows (in depth discussion of heap vs stack vs integer overflows)
- SQL Injection (added SQL Injection in stored procedures)
Additionally I've added the following sections outlining The Threat Classification's Evolution, as well as a section on Using the Threat Classification.
A more complete picture can be found on our working wiki at http://projects.webappsec.org/Threat-Classification-Working
