colin.watson at owasp.org
Mon Nov 9 08:56:48 UTC 2015
I sent some details of the project to Mitre's CAPEC mailing list and
received acknowledgement. See below.
To: capec-research-list CAPEC Researcher Discussion <
capec-research-list at lists.mitre.org>
Date: 06.11.2015 12:23
Subject: RE: Automated Threats to Web Applications
Thank you for bringing this to our attention. We will try to look through
this and relate it to CAPEC once we get through this current push. I like
how you have already started this with Figure 6.
> -----Original Message-----
> From: owner-capec-research-list at lists.mitre.org [mailto:owner-capec-
> research-list at lists.mitre.org] On Behalf Of Colin Watson
> Sent: Thursday, October 15, 2015 9:39 AM
> To: capec-research-list CAPEC Researcher Discussion <capec-research-
> list at lists.mitre.org>
> Subject: Automated Threats to Web Applications
> Hello List Members
> Recently I worked on creating a list of automated threats to web
> In print
> It was presented at AppSec USA last month:
> The threat events are mapped to CAPEC:
> They mostly fall within the existing CAPEC-210: Abuse of Functionality. I
> they might be a useful enumeration of automated threats that are not
> the result of exploitation of a vulnerability, and be useful for the
> of threat intelligence. There is further discussion on the scope and
> use cases in the document.
> I am working on related guidance for developers and defenders.
> Colin Watson
> OWASP Automated Threats to Web Application project leader
> To unsubscribe, send an email message to LISTSERV at LISTS.MITRE.ORG with
> SIGNOFF CAPEC-RESEARCH-LIST in the BODY of the message. If you have
> difficulties, write to CAPEC-RESEARCH-LIST-REQUEST at LISTS.MITRE.ORG.
To unsubscribe, send an email message to LISTSERV at LISTS.MITRE.ORG with
SIGNOFF CAPEC-RESEARCH-LIST in the BODY of the message. If you have
difficulties, write to CAPEC-RESEARCH-LIST-REQUEST at LISTS.MITRE.ORG.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Automated_threats_to_web_applications