<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<title>OWASP Guides To Secure Web Applications and Ten Most Critical Web
Application Security Vulnerabilities</title>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="place"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="time"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
 name="PersonName"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:"MS Mincho";
        panose-1:2 2 6 9 4 2 5 8 3 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:"\@MS Mincho";
        panose-1:2 2 6 9 4 2 5 8 3 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
p
        {mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:12.0pt;
        font-family:"Times New Roman";}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:Arial;
        color:navy;}
@page Section1
        {size:21.0cm 842.0pt;
        margin:72.0pt 89.85pt 72.0pt 89.85pt;}
div.Section1
        {page:Section1;}
 /* List Definitions */
 @list l0
        {mso-list-id:1800371075;
        mso-list-template-ids:1541413954;}
@list l0:level1
        {mso-level-number-format:bullet;
        mso-level-text:\F0B7;
        mso-level-tab-stop:36.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:Symbol;}
@list l0:level2
        {mso-level-number-format:bullet;
        mso-level-text:o;
        mso-level-tab-stop:72.0pt;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:10.0pt;
        font-family:"Courier New";
        mso-bidi-font-family:"Times New Roman";}
ol
        {margin-bottom:0cm;}
ul
        {margin-bottom:0cm;}
-->
</style>

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Hi there,<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>These are good points in the review. I
take it that the review applies to the OWASP Guide 1.1.1, and the OWASP Top 10
2004?<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I am revising the session management
chapter to take in the webappsec discussion from a little while ago, and I&#8217;ll
make sure it takes into account this review&#8217;s issues with session
management.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Thanks,<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Andrew<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<div>

<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>

<hr size=2 width="100%" align=center tabindex=-1>

</span></font></div>

<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>
owasp-guide-admin@lists.sourceforge.net
[mailto:owasp-guide-admin@lists.sourceforge.net] <b><span style='font-weight:
bold'>On Behalf Of </span></b>Mark Curphey<br>
<b><span style='font-weight:bold'>Sent:</span></b> Saturday, 22 May 2004 <st1:time
Minute="31" Hour="6" w:st="on">6:31 AM</st1:time><br>
<b><span style='font-weight:bold'>To:</span></b> 'Jim Webb';
owasp-leaders@lists.sourceforge.net; <st1:PersonName w:st="on">owasp-guide@lists.sourceforge.net</st1:PersonName><br>
<b><span style='font-weight:bold'>Cc:</span></b> 'Liam Barry'<br>
<b><span style='font-weight:bold'>Subject:</span></b> [OWASP-GUIDE] RE: OWASP
Guides To Secure Web Applications and Ten Most Critical Web Application Security
Vulnerabilities</span></font><o:p></o:p></p>

</div>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p>&nbsp;</o:p></span></font></p>

<p class=MsoNormal><font size=2 color=blue face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:blue'>Thank you. We will review and ensure
these suggestions are considered in the next releases of these documents. </span></font><o:p></o:p></p>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p>&nbsp;</o:p></span></font></p>

<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>

<hr size=2 width="100%" align=center tabIndex=-1>

</span></font></div>

<p class=MsoNormal style='margin-bottom:12.0pt'><b><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</span></font></b><font
size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> Jim Webb
[mailto:jim.webb@gov.ab.ca] <br>
<b><span style='font-weight:bold'>Sent:</span></b> Friday, May 21, 2004 <st1:time
Minute="23" Hour="16" w:st="on">4:23 PM</st1:time><br>
<b><span style='font-weight:bold'>To:</span></b> owasp@owasp.org<br>
<b><span style='font-weight:bold'>Cc:</span></b> Liam Barry<br>
<b><span style='font-weight:bold'>Subject:</span></b> OWASP Guides To Secure
Web Applications and Ten Most Critical Web Application Security Vulnerabilities</span></font><o:p></o:p></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Dear
OWASP Team,</span></font> <o:p></o:p></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>The
Government of Alberta (<st1:place w:st="on">GoA</st1:place>) commends the OWASP
team on their: </span></font><o:p></o:p></p>

<ul type=disc>
 <ul type=circle>
  <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:
      auto;mso-list:l0 level2 lfo1'><font size=2 face=Arial><span
      style='font-size:10.0pt;font-family:Arial'>Guide To Secure Web
      Applications and </span></font><o:p></o:p></li>
  <li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:
      auto;mso-list:l0 level2 lfo1'><font size=2 face=Arial><span
      style='font-size:10.0pt;font-family:Arial'>Ten Most Critical Web
      Application Security Vulnerabilities.</span></font> <o:p></o:p></li>
 </ul>
</ul>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>The
<st1:place w:st="on">GoA</st1:place> endorses both documents as best practices
worthy of adherence and intends to reference them in a Web Application
Development Best Practices guide that we are currently developing. Our review
of the OWASP guides has identified a few anomalies from the GoA&#8217;s
standards that application developers must take into consideration when
developing Web applications for the <st1:place w:st="on">GoA</st1:place>. We
would also recommend the OWASP team consider incorporating these anomalies,
where possible, when next updating the OWASP guidelines.</span></font><o:p></o:p></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>A
copy of the <st1:place w:st="on">GoA</st1:place> review is attached for OWASP
consideration. Should you have any questions or comments, please get back to
me. Acknowledgement of your receipt of this message would also be appreciated.</span></font><o:p></o:p></p>

<p><font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Once
again, congratulations on a job well done.</span></font> <o:p></o:p></p>

<p><font size=2 color=black face=Arial><span style='font-size:10.0pt;
font-family:Arial;color:black'>&lt;&lt;OWASP_Review_20040511.doc&gt;&gt; </span></font><o:p></o:p></p>

<p><b><i><font size=2 color=blue face=Arial><span style='font-size:10.0pt;
font-family:Arial;color:blue;font-weight:bold;font-style:italic'>Jim</span></font></i></b>
<br>
<i><font size=1 color=blue face=Arial><span style='font-size:7.5pt;font-family:
Arial;color:blue;font-style:italic'>-------------</span></font></i> <br>
<i><font size=1 color=blue face=Arial><span style='font-size:7.5pt;font-family:
Arial;color:blue;font-style:italic'>James B. Webb</span></font></i> <br>
<i><font size=1 color=blue face=Arial><span style='font-size:7.5pt;font-family:
Arial;color:blue;font-style:italic'>Manager, Standards Management and Liaison</span></font></i>
<br>
<i><font size=1 color=blue face=Arial><span style='font-size:7.5pt;font-family:
Arial;color:blue;font-style:italic'>Enterprise Architecture and Standards
Division</span></font></i> <br>
<i><font size=1 color=blue face=Arial><span style='font-size:7.5pt;font-family:
Arial;color:blue;font-style:italic'>Alberta</span></font> </i><i><font size=1
color=blue face=Arial><span style='font-size:7.5pt;font-family:Arial;
color:blue;font-style:italic'>Innovation &amp; Science</span></font></i> <br>
<i><font size=1 color=blue face=Arial><span style='font-size:7.5pt;font-family:
Arial;color:blue;font-style:italic'>ph 780-422-1776&nbsp; cl 913-2303&nbsp;</span></font>
</i><i><font size=1 color=blue face=Arial><span style='font-size:7.5pt;
font-family:Arial;color:blue;font-style:italic'>fx 780-427-0238&nbsp;</span></font>
</i><i><font size=1 color=blue face=Arial><span style='font-size:7.5pt;
font-family:Arial;color:blue;font-style:italic'>em jim.webb@gov.ab.ca</span></font></i>
<o:p></o:p></p>


</div>

</body>

</html>