Fwd: [Owasp-topten] Maybe the top ten doesn't need (much) revising....

Steven M. Christey coley at linus.mitre.org
Fri Oct 7 15:45:17 EDT 2005


For a "brief" list of vulnerability types, you could start with PLOVER.
This is a preliminary list of about 300 vuln categories, with about 1400
CVE examples.  It's wider in scope than web issues.  It's on my
to-do-but-might-not-get-done-soon list to try to correlate this with the
OWASP guide.  It does not have the academic rigor of a thesis but may
serve as a good starting point.  It is likely to change over the next
couple of months.

  http://cve.mitre.org/docs/plover/

One thing that these extensive vulnerability lists demonstrate is the need
for programming/development paradigms that reduce or eliminate entire
swaths of vulnerability classes all at once.  It's important to have these
extensive lists, but no human (or machine) can be expected to keep track
of every single vulnerability type.

- Steve
