[Owasp-board] Fwd: C1. webappsec

Andrew van der Stock vanderaj at owasp.org
Sat Nov 11 12:36:11 UTC 2006


> Okay, we're just about locked in for this year's SANS Top 20. We  
> need to get moving on the Top 10 2007 draft.
>
> Jeff / Dinis - are you happy for me to revise the top 10 headings  
> as per the discussion last week, include CSRF as a separate item,  
> and roll up all injections as one item, thus allowing authC/authZ  
> issues in as #10? Dinis - do you have the Top XX forward looking  
> trends you'd like yet?
>
> We need to roll the text out to the Wiki so that the Top 10 mail  
> list folks can help finish it, and obviously get PCI on board as  
> well as a few others.
>
> thanks,
> Andrew
>
> Begin forwarded message:
>
>> From: Rohit_Dhamankar at 3com.com
>> Date: 11 November 2006 11:11:22 PM
>> To: "Andrew van der Stock" <vanderaj at greebo.net>, "Rohit  
>> Dhamankar" <rohitd at tippingpoint.com>, "Rhodri Davies"  
>> <Rhodri.Davies at vistorm.com>
>> Subject: Re: C1. webappsec
>>
>> Thanks
>> With more sites like MySpace, CSRF is the next wave for sure.
>> I am going to get in a version for the SANS web team tomorrow.  
>> Edits can always be added before final posting.
>> - Sent from BlackBerry. Please excuse typos, grammar etc.
>>
>>
>> ----- Original Message -----
>> From: Andrew van der Stock [vanderaj at greebo.net]
>> Sent: 11/11/2006 12:17 AM
>> To: Rohit Dhamankar <rohitd at tippingpoint.com>; Rhodri Davies  
>> <Rhodri.Davies at vistorm.com>
>> Subject: C1. webappsec
>>
>> Hi guys,
>>
>> I've edited the document to flow better and add CSRF - it's the one
>> thing that all of us at OWASP and WASC agree on that should be
>> included. I've sent the updated text around to the following peer
>> reviewers:
>>
>> OWASP: Dave Wichers (Board), Jeff Williams (Board), Dinis Cruz
>> (Board), Sam Buchanan (Top 10), Raoul Endres (Top 10), Daniel
>> Cuthbert (Testing Guide Lead)
>> MITRE: Steven M. Christey - helped do the stats on webappsec
>> research / CVE.
>> PHP: Chris Shiflett, PHP security expert, Laura Thomson (noted PHP
>> author and all round good friend), Ilia Alshanetsky (PHP core  
>> security)
>> Java: Stephen de Vries, Corsaire. Good to get a non-PHP programmer's
>> point of view
>> WASC: Jeremiah Grossman. A competitor to OWASP, but it's important to
>> be inclusive to be a consensus
>> Robert Hansen (RSnake): the best XSS / CSRF researcher out there, bar
>> none.
>>
>> Please let them have until Monday morning US time to get their say
>> and any edits in.
>>
>> thanks,
>> Andrew
>
