[Owasp-board] Fwd: RES: RES: SANS Top-20 2006 (Web Application Vulnerabilities)

Andrew van der Stock vanderaj at greebo.net
Tue Oct 31 22:56:14 UTC 2006


I have helped out the Top 20 for two years now. For the first time,  
webappsec stuff made the Top 20 in the Top 14 spots using real data.  
So we have spot #1 in their list. They will link to us, driving us  
huge amounts of traffic and reputation.

It's a great opportunity to get into a lot of CIOs' brains.

thanks,
Andrew

On 01/11/2006, at 9:39 AM, Dinis Cruz wrote:

> Sorry for my question, but how will the SANS top 20 be connected to
> the OWASP top 10?
>
> Also when does the top SANS 20 come out?
>
> Dinis
>
>
>
> On 10/31/06, Andrew van der Stock <vanderaj at owasp.org> wrote:
> We made it!
>
> We MUST get the 2007 update into a presentable draft with  
> permalinks (ie content might change as we update it, but the links  
> do not) into the Wiki by the time the SANS Top 20 comes out.
>
> thanks,
> Andrew
>
> Begin forwarded message:
>
>> From: "Rohit Dhamankar" <rohit_dhamankar at 3com.com>
>> Date: 30 October 2006 3:23:59 AM
>> To: "'Andrew van der Stock'" <vanderaj at owasp.org>, "'Marcos  
>> Ferreira'" < marcos.ferreira at nxsecurity.com>
>> Subject: RE: RES: RES: SANS Top-20 2006 (Web Application  
>> Vulnerabilities)
>>
>> Andrew:
>>
>> I am in the process of making a shorter version that is more a fit  
>> for the Top-20 audience. I will put in links to the OWASP pages  
>> for people looking for more details.
>>
>> I want to ensure that people are sufficiently alarmed at these  
>> vulnerabilities!
>>
>> Rohit
>>
>>
>>
>>
>> From: Andrew van der Stock [ mailto:vanderaj at owasp.org]
>> Sent: Sunday, October 29, 2006 2:01 AM
>> To: Marcos Ferreira
>> Cc: rohit_dhamankar at 3com.com
>> Subject: Re: RES: RES: SANS Top-20 2006 (Web Application  
>> Vulnerabilities)
>> Importance: High
>>
>>
>> Hi guys,
>>
>>
>> Please make sure you are using the Top 10 2007, not the Top 10 2004.
>>
>>
>> When you say you'd like to condense them - how would you like them  
>> condensed?
>>
>>
>> thanks,
>>
>> Andrew
>>
>>
>> On 28/10/2006, at 5:34 AM, Marcos Ferreira wrote:
>>
>>
>>
>>
>> Hi Rohit,
>>
>>
>> I was reading the full OWASP TOP 10, and from my point of view and
>> experience, most of the problems that are exploited today refer to
>> items A1, A2, A3 and A4.
>>
>> These four items should be in the web applications. Andrew did
>> very fine work writing this for the world security community, and
>> we can use his description.
>>
>> About the CVE entries, we can use some examples that show how the
>> attack occurs, like those written by Andrew.
>>
>>
>> Rohit and Andrew, what do you think about this?
>>
>>
>> Thanks,
>>
>>
>> Marcos
>>
>>
>> From: Rohit Dhamankar [ mailto:rohit_dhamankar at 3com.com]
>> Sent: Sunday, October 22, 2006 14:51
>> To: 'Andrew van der Stock'; 'Marcos Ferreira'
>> Cc: 'Rohit Dhamankar'; Rohit Dhamankar
>> Subject: RE: RES: SANS Top-20 2006 (Web Application Vulnerabilities)
>>
>>
>>
>> Thanks Andrew. Marcos, do you think you can help me condense this  
>> into an item for Top-20, taking the most critical attacks and  
>> listing CVEs,
>>
>>
>> Thanks
>>
>> Rohit
>>
>>
>> From: Andrew van der Stock [ mailto:vanderaj at owasp.org]
>> Sent: Monday, October 16, 2006 5:22 PM
>> To: Marcos Ferreira
>> Cc: 'Rohit Dhamankar'; 'Rohit Dhamankar'
>> Subject: Re: RES: SANS Top-20 2006 (Web Application Vulnerabilities)
>>
>>
>> Hi there,
>>
>>
>> I have nearly finished doing the Top 10 2007, which we would be
>> donating to SANS as an item in its Top 20.
>>
>>
>> Check this out :)
>>
>>
>>
>>
>>
>>
>>
>
>
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> http://lists.owasp.org/mailman/listinfo/owasp-board
>
>
>
>
>
>
> -- 
> Best regards
>
> Dinis Cruz
> OWASP Autumn of Code 2006, http://www.owasp.org/index.php/OAC
> OWASP .Net Project, http://www.owasp.org/index.php/.Net
