[OWASP-GUIDE] RE: [OWASP] site issues, etc

Mark Curphey mark at curphey.com
Mon Jun 21 13:32:02 EDT 2004

Thanks. I wished you would have introduced yourself but maybe next time. I
thought it was excellent as well, one of the best I have been too !
Well take care of the things below and I have CC'd the Guide for those


From: Scovetta, Michael V [mailto:Michael.Scovetta at ca.com] 
Sent: Monday, June 21, 2004 11:51 AM
To: mark at curphey.com
Subject: [OWASP] site issues, etc


   First, I'd like to say, "Excellent Conference!" this weekend. 


Second, I've been browsing the owasp site, found a few bugs:

1. The "Home" link on the top of the page points to /portal   (404)

2. The page http://www.owasp.org/documentation/guide has a link to the Guide


    which is also 404

3. The mailing list signup form on:


    has an unclosed quote, so it breaks when you try to sign up for the

4. The link http://www.owasp.org/oasis_mission.gif (linked from
http://www.owasp.org/wasxml) is missing (404).



Also, I have a little feedback on the Guide 2.0:

            On pages 57-58, it is mentioned to not use GET requests for
passing sensitive information. It should also be noted that passing data in
a POST request isn't secure, doesn't really "hide" the information and
should not be relied upon for passing sensitive information (unless SSL is
used as well).





Michael Scovetta

Computer Associates

Senior Application Developer

tel: +1 631 342 3139

cell: +1 813 727 5772

michael.scovetta at ca.com


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-guide/attachments/20040621/a95c4d34/attachment.html 

More information about the Owasp-guide mailing list