[Owasp-board] Accuvant - Bad OWASP Copyright Violation

Dinis Cruz dinis at ddplus.net
Tue Jun 19 06:36:33 UTC 2007


Good catch

Paulo here is one for you

Again here is an example of the current lack of enforcement (there is no
problem in using quotes from the OWASP website, but they need to be
referenced :)   )

The references to the OWASP Testing project as a 'standard' are an
interesting twist on the 'OWASP materials are not standards' issue.

Dinis


On 6/18/07, Jeff Williams <jeff.williams at owasp.org> wrote:
>
>  Do we need a poster child for our Branding campaign?
>
>
>
> From the (non-Member) Accuvant website (
> http://www.accuvant.com/assessment/application.html)...
>
>
>
> "When an organization puts up a web application, they invite the world to
> send them HTTP requests. Attacks buried in these requests sail past
> firewalls, filters, platform hardening, and intrusion detection systems
> without notice because they are inside apparently valid requests. Even
> "secure" websites that use SSL just accept the requests that arrive through
> the encrypted tunnel without scrutiny. This means that your web application
> code is part of your security perimeter. As the number, size and complexity
> of your web applications increases, so does your perimeter exposure.
>
>
>
> Accuvant's application security assessment offerings are designed to help
> organizations identify flaws in their custom applications that resist
> detection from traditional assessment techniques. Accuvant has based its
> methodology on regulatory requirements and the standards developed by the
> Open Web Application Security Project (OWASP) Testing Project."
>
>
>
> From the 2004 OWASP Top 10 (
> http://www.owasp.org/index.php/Introduction_OWASP_Top_Ten_Project)...
>
>
>
> "When an organization puts up a web application, they invite the world to
> send them HTTP requests. Attacks buried in these requests sail past
> firewalls, filters, platform hardening, and intrusion detection systems
> without notice because they are inside legal HTTP requests. Even "secure"
> websites that use SSL just accept the requests that arrive through the
> encrypted tunnel without scrutiny. This means that your web application code
> is part of your security perimeter. As the number, size and complexity of
> your web applications increases, so does your perimeter exposure."
>
>
>
>
>
> --Jeff
>
>
>
> Jeff Williams, Chair
>
> The OWASP Foundation <http://www.owasp.org/>
>
> Work: 410-707-1487
>
> Main: 301-604-4882
>
> "Dedicated to finding and fighting the causes of insecure software"