The Web Application Security Consortium (WASC) is an international organization consisting of experts, industry practitioners, and organizational representatives who produce open source and widely agreed upon best-practice security standards for the Web. WASC facilitates the exchange of ideas and organizes industry Projects, releases technical information, contributed articles, security guidelines, and other useful documentation.


  • The Web Hacking Incidents Database (WHID): This is a WASC project dedicated to maintaining a list of web applications related security incidents and to serve as a tool for raising awareness of the web application security problem and providing the information for statistical analysis of web applications security incidents.
  • Web Security Threat Classification: This classification project is a cooperative effort to clarify and organize the threats to the Website security.
  • Web Application Security Statistics: This WASC project is an industry wide collection of application vulnerability statistics in order to identify the existence and proliferation of application security issues on enterprise websites.