[Owasp-board] [Owasp-topten] Feedback from Sylvan von Stuppe

Steven M. Christey coley at linus.mitre.org
Wed Jan 31 16:45:20 UTC 2007


> http://sylvanvonstuppe.blogspot.com/2007/01/owasp-top-10-2007-update-rc1.html
>
> Some pretty valid comments. I will take a shot at some of them and pass them
> back to Sylvan and the list.

A comment on XSS being a "threat" (actually an attack in my book, but
let's not go too far down that road).  As Sylvan indicates, the term could
be read as "vulnerable to XSS" to squeeze it into the vuln space.  I still
think XSS is a catchier term than "Improperly filtered or quoted web
output".

While I agree that XSS is just another kind of injection flaw, it's quite
reasonable to distinguish it from others.

- Steve


