[Owasp-leaders] What to do after a compromise/defacement/malicious hack
bradcausey at owasp.org
Wed Jan 6 12:06:32 EST 2010
I've done all I've got time for, please double check me.
Also, I'm not sure about the evidence and analysis, I wouldn't think
that would be in scope of the document.
CISSP, MCSE, C|EH, CIFI, CGSP
Never underestimate the time, expense, and effort an opponent will
expend to break a code. (Robert Morris)
On Tue, Jan 5, 2010 at 5:32 PM, Christian Frichot <xntrik at gmail.com> wrote:
> Hi Dinis,
> I know the Anti Phishing Working Group (APWG) have some material for if your
> site has been compromised and used to host phishing content. Whilst this is
> only one potential event from being hacked it still might be useful.
> On Tue, Jan 5, 2010 at 10:39 PM, dinis cruz <dinis.cruz at owasp.org> wrote:
>> I've created the
>> page http://www.owasp.org/index.php?title=What_to_do_after_your_app_was_compromised
>> which is currently redirecting
>> to http://www.owasp.org/index.php/I've_Been_Hacked-What_Now
>> added the links mentioned earlier in this post to the 'External
>> References' section
>> created a new section called "Questions To Ask"
>> If you know of more good references out there (WASC, US Gov, CERTs?),
>> please add it to this page (we also need to fill in the missing content).
>> Dinis Cruz
>> 2010/1/5 Bedirhan Urgun <urgunb at hotmail.com>
>>> There was this link, seems empty tough
>>> Date: Mon, 4 Jan 2010 16:32:14 +0000
>>> From: dinis.cruz at owasp.org
>>> To: owasp-leaders at lists.owasp.org
>>> Subject: [Owasp-leaders] What to do after a
>>> compromise/defacement/malicious hack
>>> Hi, a friend of mine just had her website compromised but I can't seem to
>>> find a good #OWASP page to forward her host/website provider
>>> I tried
>>> http://www.owasp.org/index.php/What_to_do_after_your_app_was_compromised but
>>> it doesn't exist, any ideas of where this content is?
>>> Once we get this page right, shouldn't we link it form our home page?
>>> (there is probably a significant number of people who turn to OWASP in
>>> moments like this)
>>> If fact, do we have any good success stories on this topic? (i.e. people
>>> that used OWASP resources to handle web app security incidents)
>>> Dinis Cruz
>>> Blog: http://diniscruz.blogspot.com
>>> Twitter: http://twitter.com/DinisCruz
>>> Web: http://www.owasp.org/index.php/O2
>>> Hotmail: Trusted email with powerful SPAM protection. Sign up now.
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
> Christian Frichot
> e: xntrik at gmail.com
> p: 0433 490 117
> w: http://un-excogitate.org
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
More information about the OWASP-Leaders