LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

What are the OWASP threat categories for threat modeling?

Eight areas to check: authentication, authorization, configuration management, data protection (storage/transit), data/parameter validation, error handling, session management, and auditing/logging.

OWASP Threat List:

  1. Authentication - verifying identity
  2. Authorization - permissions and access control
  3. Configuration Management - secure defaults, settings
  4. Data Protection in Storage and Transit - encryption
  5. Data/Parameter Validation - input sanitization
  6. Error Handling and Exception Management - safe error messages
  7. User and Session Management - session tokens, logout
  8. Auditing and Logging - tracking security events

When to use: OWASP categories complement STRIDE - use them as a checklist to ensure comprehensive coverage.

From Quiz: SPRG / Mitigation and Risk Analysis | Updated: Jun 20, 2026