Quiz Entry - updated: 2026.06.20
What are the OWASP threat categories for threat modeling?
Eight areas to check: authentication, authorization, configuration management, data protection (storage/transit), data/parameter validation, error handling, session management, and auditing/logging.
OWASP Threat List:
- Authentication - verifying identity
- Authorization - permissions and access control
- Configuration Management - secure defaults, settings
- Data Protection in Storage and Transit - encryption
- Data/Parameter Validation - input sanitization
- Error Handling and Exception Management - safe error messages
- User and Session Management - session tokens, logout
- Auditing and Logging - tracking security events
When to use: OWASP categories complement STRIDE - use them as a checklist to ensure comprehensive coverage.