[Owasp-board] Paper from WhiteHat

Dave Wichers dave.wichers at owasp.org
Sat Feb 3 14:21:58 UTC 2007

This has been in my to read box for a while. Sorry for the late reply. I do
agree that this is a good paper and would be a nice addition to OWASP, sans
the commercial.


How about we ask for a rewrite that matches the 'new' Top Ten and ask them
to post that so it they are in sync? I just wonder if they have scanning
experience for the 'new' items. Probably scanners don't look for them since
they are 'new' and therefore the paper can discuss, they don't find them
now, but in theory .  Like, I could see CSRF being detectable in an
automated manner.





From: Jeff Williams [mailto:jeff.williams at owasp.org] 
Sent: Tuesday, January 09, 2007 9:25 AM
To: Dave Wichers; Dinis Cruz; 'Andrew van der Stock'
Subject: Paper from WhiteHat


Guys, this is a decent paper showing why scanning ain't good enough to find
the OWASP Top Ten.  (At first I thought it was a paper on why the OWASP Top
Ten wasn't good enough).


With the exception of the little advertisement for their service at the end,
it's good stuff.  I can't reference it on OWASP because of the
advertisement, but I'd like to.  Think we should ask if he'd consider
posting at OWASP?





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070203/84c69933/attachment-0002.html>

More information about the Owasp-board mailing list