[Owasp-board] Accuvant - Bad OWASP Copyright Violation

Jeff Williams jeff.williams at owasp.org
Mon Jun 18 17:35:29 UTC 2007


Do we need a poster child for our Branding campaign?

 

>From the (non-Member) Accuvant website
(http://www.accuvant.com/assessment/application.html)... 

 

"When an organization puts up a web application, they invite the world to
send them HTTP requests. Attacks buried in these requests sail past
firewalls, filters, platform hardening, and intrusion detection systems
without notice because they are inside apparently valid requests. Even
"secure" websites that use SSL just accept the requests that arrive through
the encrypted tunnel without scrutiny. This means that your web application
code is part of your security perimeter. As the number, size and complexity
of your web applications increases, so does your perimeter exposure. 

 

Accuvant's application security assessment offerings are designed to help
organizations identify flaws in their custom applications that resist
detection from traditional assessment techniques. Accuvant has based its
methodology on regulatory requirements and the standards developed by the
Open Web Application Security Project (OWASP) Testing Project."

 

>From the 2004 OWASP Top 10
(http://www.owasp.org/index.php/Introduction_OWASP_Top_Ten_Project)...

 

"When an organization puts up a web application, they invite the world to
send them HTTP requests. Attacks buried in these requests sail past
firewalls, filters, platform hardening, and intrusion detection systems
without notice because they are inside legal HTTP requests. Even "secure"
websites that use SSL just accept the requests that arrive through the
encrypted tunnel without scrutiny. This means that your web application code
is part of your security perimeter. As the number, size and complexity of
your web applications increases, so does your perimeter exposure."

 

 

--Jeff

 

Jeff Williams, Chair

The OWASP Foundation <http://www.owasp.org/> 

Work: 410-707-1487

Main: 301-604-4882

"Dedicated to finding and fighting the causes of insecure software"

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070618/bc207c3b/attachment-0002.html>


More information about the Owasp-board mailing list