[Owasp-board] Fwd: RES: RES: SANS Top-20 2006 (Web Application Vulnerabilities)

Dinis Cruz dinis at ddplus.net
Tue Oct 31 22:39:52 UTC 2006


Sorry for my question, but how will the SANS Top 20 be connected to the OWASP
Top 10?

Also, when does the SANS Top 20 come out?

Dinis



On 10/31/06, Andrew van der Stock <vanderaj at owasp.org> wrote:
>
> We made it!
> We MUST get the 2007 update into a presentable draft with permalinks (ie
> content might change as we update it, but the links do not) into the Wiki by
> the time the SANS Top 20 comes out.
> thanks,
> Andrew
>
> Begin forwarded message:
>
> *From: *"Rohit Dhamankar" <rohit_dhamankar at 3com.com>
> *Date: *30 October 2006 3:23:59 AM
> *To: *"'Andrew van der Stock'" <vanderaj at owasp.org>, "'Marcos Ferreira'"
> <marcos.ferreira at nxsecurity.com>
> *Subject: **RE: RES: RES: SANS Top-20 2006 (Web Application
> Vulnerabilities)*
>
> Andrew:
>
> I am in the process of making a shorter version that is more a fit for the
> Top-20 audience. I will put in links to the OWASP pages for people looking
> for more details.
>
> I want to ensure that people are sufficiently alarmed at these
> vulnerabilities!
>
> Rohit
>
> ------------------------------
>
> *From:* Andrew van der Stock [mailto:vanderaj at owasp.org]
>
> *Sent:* Sunday, October 29, 2006 2:01 AM
> *To:* Marcos Ferreira
> *Cc:* rohit_dhamankar at 3com.com
> *Subject:* Re: RES: RES: SANS Top-20 2006 (Web Application
> Vulnerabilities)
> *Importance:* High
>
>
>
> Hi guys,
>
>
>
> Please make sure you are using the Top 10 2007, not the Top 10 2004.
>
>
>
> When you say you'd like to condense them - how would you like them
> condensed?
>
>
>
> thanks,
>
> Andrew
>
>
>
> On 28/10/2006, at 5:34 AM, Marcos Ferreira wrote:
>
>
>
> Hi Rohit,
>
>
>
> I was reading the full OWASP TOP 10, and from my point of view and
> experience, most of the problems that are exploited today refer to items A1,
> A2, A3 and A4.
>
> These four items should be in the web applications. Andrew did very
> fine work writing this for the world security community and we can use his
> description.
>
> About the CVE entries, we can use some examples of how the attack
> occurs, like those written by Andrew.
>
>
>
> Rohit and Andrew, what do you think about this?
>
>
>
> Thanks,
>
>
>
> Marcos
>
>
> ------------------------------
>
> *From:* Rohit Dhamankar [mailto:rohit_dhamankar at 3com.com]
>
> *Sent:* Sunday, October 22, 2006 14:51
> *To:* 'Andrew van der Stock'; 'Marcos Ferreira'
> *Cc:* 'Rohit Dhamankar'; Rohit Dhamankar
> *Subject:* RE: RES: SANS Top-20 2006 (Web Application Vulnerabilities)
>
>
>
>
>
> Thanks Andrew. Marcos, do you think you can help me condense this into an
> item for Top-20, taking the most critical attacks and listing CVEs,
>
>
>
> Thanks
>
> Rohit
>
>
> ------------------------------
>
> *From:* Andrew van der Stock [mailto:vanderaj at owasp.org]
>
> *Sent:* Monday, October 16, 2006 5:22 PM
> *To:* Marcos Ferreira
> *Cc:* 'Rohit Dhamankar'; 'Rohit Dhamankar'
> *Subject:* Re: RES: SANS Top-20 2006 (Web Application Vulnerabilities)
>
>
>
> Hi there,
>
>
>
> I have nearly finished doing the Top 10 2007, which we would be donating to
> SANS as an item in its Top 20.
>
>
>
> Check this out :)
>


-- 
Best regards

Dinis Cruz
OWASP Autumn of Code 2006, http://www.owasp.org/index.php/OAC
OWASP .Net Project, http://www.owasp.org/index.php/.Net