[GPC] [Owasp Source Flaws Top 10] how to evaluate risk from content management system--cms

Paulo Coimbra paulo.coimbra at owasp.org
Fri Jul 30 11:46:37 EDT 2010


Hello Paolo,

Hope you are well.

I've marked the project as 'Inactive'. I am carbon copying our GPC to check
whether or not they have any recommendations for us/me.

http://www.owasp.org/index.php/Category:OWASP_Project#tab=Inactive_Projects

Have a great weekend,

Paulo Coimbra,
OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>

 

From: Paolo Perego [mailto:thesp0nge at owasp.org] 
Sent: Friday, 30 July 2010 15:11
To: OWASP Source Code Flaws Top 10 Project
Cc: Paulo Coimbra
Subject: Re: [Owasp Source Flaws Top 10] how to evaluate risk from content
management system--cms

 

Hi Yi, this project was intended to track the 10 most present
vulnerabilities in source code... the 10 worst programmer behaviors.

However, since this project is not intended to live anymore (due to lack of
usefulness), I kindly ask Paulo, who is reading in cc, to shut it down.

Paolo

 

On Fri, Jul 30, 2010 at 3:47 PM, Yi Li <yi.li26 at gmail.com> wrote:

> I would appreciate it if anyone could share thoughts on how to evaluate
> the risk from a 'content management system' (CMS).
>
> The component of the CMS that I would like to evaluate is the component
> that generates content for the web server, which is installed on the
> application server; this is usually done by installing a CMS library on
> E-comm's application server. Assuming there is a coding flaw in the code
> in this component, such as SQL injection, my question is how to evaluate
> whether such vulnerabilities will open doors for hackers to attack the
> web applications deployed on the same application server, or whether such
> vulnerabilities will only endanger the CMS functionality.
>
> Thanks.


 

 

 

--
"... static analysis is fun, again!"

OWASP Orizon project leader, http://github.com/owasp-orizon
Owasp Italy R&D director



More information about the Global-projects-committee mailing list