[Owasp-leaders] Fwd: [WEB SECURITY] WASC Announcement: WASC Threat Classification v2.0 Published
Jim Manico
jim.manico at owasp.org
Sun Jan 3 21:59:19 EST 2010
My personal opinion is that it is a useful attack-centric perspective of
the AppSec world. It would not be difficult to cross-correlate the Top
Ten, ESAPI and ASVS and the WASC TC. The relations are fairly
straightforward. And they Wikified it, power to them.
On this topic - I am still bullish on a WASC-OWASP merger. Perhaps offer
WASC leadership a few seats on the board. Robert Auger and crew are good
people. http://www.webappsec.org/officers.shtml
- Jim
> Question: What is OWASP's position on WASC TC v2.0 and how does it
> relate to the current materials we have published at OWASP?
>
> Note that these materials
> (http://projects.webappsec.org/Threat-Classification) are released
> under CC 3.0
>
> Dinis Cruz
>
> ---------- Forwarded message ----------
> From: <robert at webappsec.org>
> Date: Sat, Jan 2, 2010 at 12:56 AM
> Subject: [WEB SECURITY] WASC Announcement: WASC Threat Classification
> v2.0 Published
> To: websecurity at webappsec.org
>
>
> The Web Application Security Consortium (WASC) is pleased to announce
> the long awaited release of the WASC
> Threat Classification v2.0. The Threat Classification is an effort to
> classify the weaknesses, and attacks
> that can lead to the compromise of a website, its data, or its users.
> This document's primary purpose is
> to serve as a reference guide for common attacks and weaknesses.
>
> Main goals
> - Refine document scope, terminology, and purpose
> - Update existing sections when applicable
> - Add missing attacks and weaknesses
> - Creation of a firm, scalable base foundation allowing for the
> introduction of data views allowing for various
> forms of data representation
> - Addition of attack and weakness reference identifiers (WASC-<xx>)
> - Publication of two data views
>
>
> WASC Threat Classification v2.0 Online
> http://projects.webappsec.org/Threat-Classification
>
> Using the Threat Classification
> http://projects.webappsec.org/Using-the-Threat-Classification
>
> Threat Classification Authors and Contributors
> http://projects.webappsec.org/Threat-Classification-Authors
>
> WASC Threat Classification FAQ
> http://projects.webappsec.org/Threat-Classification-FAQ
>
> WASC Reference Identifier Grid
> http://projects.webappsec.org/Threat-Classification-Reference-Grid
>
> Threat Classification Data Views
> http://projects.webappsec.org/Threat-Classification-Views
>
>
> We have already started scoping the next minor release of the Threat
> Classification, and are seeking contributors.
> If you are interested in participating in the next release of the WASC
> Threat Classification please contact us at
> contact_at_ at webappsec.org with the
> subject 'WASC Threat Classification Contribution Inquiry'.
>
> Questions can be directed to Robert Auger (contact_at_webappsec.org)
> with the subject 'WASC TC Inquiry'.
>
>
> Regards,
> - Robert Auger
> WASC Threat Classification Project leader/WASC Co Founder
> http://projects.webappsec.org/Threat-Classification
> http://www.webappsec.org/ The Web Application Security Consortium
--
- Jim Manico
OWASP ESAPI Project Manager
http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
OWASP Podcast Host/Producer
http://www.owasp.org/index.php/OWASP_Podcast