The Web Application Security Consortium, formed in February with NT Objectives, Sanctum, SPI Dynamics and WhiteHat as members, suggests six broad types of attack, each of which have several sub-types.
For example, Command Execution attacks can be broken down into seven types, including buffer overflows, SQL injections, LDAP injections and format string attacks, the consortium said.
With the creation of the Web Security Threat Classification, application developers, security professionals, software vendors and compliance auditors have the ability to access a consistent language, the group said.