[OWASP-GUIDE] RE: OWASP Guides To Secure Web Applications and Ten Most Critical Web Application Security Vulnerabilities

Andrew van der Stock vanderaj at greebo.net
Fri May 21 22:19:39 EDT 2004


Hi there,

 

These are good points in the review. I take it that the review applies to
the OWASP Guide 1.1.1, and the OWASP Top 10 2004?

 

I am revising the session management chapter to take in the webappsec
discussion from a little while ago, and I'll make sure it takes into account
this review's issues with session management.

 

Thanks,

Andrew

 

  _____  

From: owasp-guide-admin at lists.sourceforge.net
[mailto:owasp-guide-admin at lists.sourceforge.net] On Behalf Of Mark Curphey
Sent: Saturday, 22 May 2004 6:31 AM
To: 'Jim Webb'; owasp-leaders at lists.sourceforge.net;
owasp-guide at lists.sourceforge.net
Cc: 'Liam Barry'
Subject: [OWASP-GUIDE] RE: OWASP Guides To Secure Web Applications and Ten
Most Critical Web Application Security Vulnerabilities

 

Thank you. Well will review and ensure these suggestions are considered in
the next releases of these documents. 

 

  _____  

From: Jim Webb [mailto:jim.webb at gov.ab.ca] 
Sent: Friday, May 21, 2004 4:23 PM
To: owasp at owasp.org
Cc: Liam Barry
Subject: OWASP Guides To Secure Web Applications and Ten Most Critical Web
Application Security Vulnerabilities

Dear OWASP Team, 

The Government of Alberta (GoA) commends the OWASP team on their: 

*	Guide To Secure Web Applications and 
*	Ten Most Critical Web Application Security Vulnerabilities. 

The GoA endorses both documents as best practices worthy of adherence and
intends to reference them in a Web Application Development Best Practices
guide that we are currently developing. Our review of the QWASP guides has
identified a few anomalies from the GoA's standards that application
developers must take into consideration when developing Web applications for
the GoA. We would also recommend the OWASP team consider incorporating these
anomalies, where possible, when next updating the OWASP guidelines.

A copy of the GoA review is attached for OWASP consideration. Should you
have any questions or comments, please get back to me. Acknowledgement of
your receipt of this message would also be appreciated.

Once again, congratulations on a job well done. 

<<OWASP_Review_20040511.doc>> 

Jim 
------------- 
James B. Webb 
Manager, Standards Management and Liaison 
Enterprise Architecture and Standards Division 
Alberta Innovation & Science 
ph 780-422-1776  cl 913-2303  fx 780-427-0238  em jim.webb at gov.ab.ca 


This communication is intended for the use of the recipient to which it is
addressed, and may contain confidential, personal and or privileged
information. Please contact us immediately if you are not the intended
recipient of this communication, and do not copy, distribute, or take action
relying on it. Any communication received in error, or subsequent reply,
should be deleted or destroyed.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-guide/attachments/20040522/5a8a7201/attachment.html 


More information about the Owasp-guide mailing list