[Owasp-board] Fwd: RES: RES: SANS Top-20 2006 (Web Application Vulnerabilities)

Andrew van der Stock vanderaj at owasp.org
Tue Oct 31 11:31:58 UTC 2006


We made it!

We MUST get the 2007 update into a presentable draft with permalinks  
(i.e. content might change as we update it, but the links do not) into  
the Wiki by the time the SANS Top 20 comes out.

thanks,
Andrew

Begin forwarded message:

> From: "Rohit Dhamankar" <rohit_dhamankar at 3com.com>
> Date: 30 October 2006 3:23:59 AM
> To: "'Andrew van der Stock'" <vanderaj at owasp.org>, "'Marcos  
> Ferreira'" <marcos.ferreira at nxsecurity.com>
> Subject: RE: RES: RES: SANS Top-20 2006 (Web Application  
> Vulnerabilities)
>
> Andrew:
>
> I am in the process of making a shorter version that is more a fit  
> for the Top-20 audience. I will put in links to the OWASP pages for  
> people looking for more details.
>
> I want to ensure that people are sufficiently alarmed at these  
> vulnerabilities!
>
> Rohit
>
> From: Andrew van der Stock [mailto:vanderaj at owasp.org]
> Sent: Sunday, October 29, 2006 2:01 AM
> To: Marcos Ferreira
> Cc: rohit_dhamankar at 3com.com
> Subject: Re: RES: RES: SANS Top-20 2006 (Web Application  
> Vulnerabilities)
> Importance: High
>
>
>
> Hi guys,
>
>
>
> Please make sure you are using the Top 10 2007, not the Top 10 2004.
>
>
>
> When you say you'd like to condense them - how would you like them  
> condensed?
>
>
>
> thanks,
>
> Andrew
>
>
>
> On 28/10/2006, at 5:34 AM, Marcos Ferreira wrote:
>
>
>
>
> Hi Rohit,
>
>
>
> I was reading the full OWASP TOP 10, and from my point of view and  
> experience, most of the problems that are exploited today relate to  
> items A1, A2, A3 and A4.
>
> These four items should be in the web applications. Andrew did  
> very fine work writing this for the world security community, and  
> we can use his description.
>
> About the CVE entries, we can use some examples of how the attack  
> occurs, like those written by Andrew.
>
>
>
> Rohit and Andrew, what do you think about this?
>
>
>
> Thanks,
>
>
>
> Marcos
>
>
>
> From: Rohit Dhamankar [mailto:rohit_dhamankar at 3com.com]
> Sent: Sunday, October 22, 2006 14:51
> To: 'Andrew van der Stock'; 'Marcos Ferreira'
> Cc: 'Rohit Dhamankar'; Rohit Dhamankar
> Subject: RE: RES: SANS Top-20 2006 (Web Application Vulnerabilities)
>
>
>
>
>
> Thanks, Andrew. Marcos, do you think you can help me condense this  
> into an item for Top-20, taking the most critical attacks and  
> listing CVEs?
>
>
>
> Thanks
>
> Rohit
>
>
>
> From: Andrew van der Stock [mailto:vanderaj at owasp.org]
> Sent: Monday, October 16, 2006 5:22 PM
> To: Marcos Ferreira
> Cc: 'Rohit Dhamankar'; 'Rohit Dhamankar'
> Subject: Re: RES: SANS Top-20 2006 (Web Application Vulnerabilities)
>
>
>
> Hi there,
>
>
>
> I have nearly finished doing the Top 10 2007, which we would be  
> donating to SANS as an item in its Top 20.
>
>
>
> Check this out :)
