[Owasp-topten] Top 10 2007

Sebastien Deleersnyder sebastien.deleersnyder at ascure.com
Tue Jun 27 13:26:28 EDT 2006


Andrew, List,


>0) Approach. I personally think the Top 10 is an education piece.  
>Most of the other Top X lists are about attacks and their  
>countermeasures, so let's stick to that formula as folks are used to  
>it. The current Top 10 consists of about 6 attacks and 4  
>countermeasures as top level headings so is more like the Top 6 or 7  
>than the Top 10. Let's have a good solid discussion about where this  
>list would like to see the Top 10 go.
>
>Who: All.
>Completion date: 30 June

Since it is education and awareness, I would opt to do a top 10 of
attacks; they will be more "shocking" than a top 10 of vulnerabilities.
E.g., injection attacks, such as SQL Injection, will surely be more
"appealing" than unvalidated input.

We could then relate the Top 10 Attacks (effectively being exploited
threats because of vulnerabilities) to the related threats and
vulnerabilities.

Regards,

Seba