[Owasp-leaders] Zone transfer

OWASP Geneva Chapter antonio.fontes at owasp.org
Thu Apr 8 04:49:40 EDT 2010


On 8 April 2010 09:00, Erlend Oftedal <Erlend.Oftedal at bekk.no> wrote:
> Hi
> I see this message popping up from time to time on twitter, that owasp.org
> is vulnerable to zone transfer.
> I guess that’s something we want to fix.
> “RT @maxisoler: +1 WTF?! RT: @Jabra: Wtf owasp.org is still vulnerable to
> zone transfer!”
> Erlend

Hi Leaders,

The initial security requirement dictates that zone content disclosure
should be restricted in order to reduce the risk of hidden/internal
hosts disclosure (which we could even argue is a "security by
obfuscation" practice).

Keeping it open might also mean we did our work correctly, applied
basic risk assessment, and stick to our "openness" principle.

(okay okay, devil's advocate now heading towards the exit door)

Antonio


-- 
OWASP Geneva Chapter
chapter site: http://www.owasp.org/index.php/Geneva
mailing list: https://lists.owasp.org/mailman/listinfo/owasp-Geneva

