[Owasp-leaders] OWASP Consumer Reports Project

McGovern, James F. (P+C Technology) James.McGovern at thehartford.com
Mon Apr 12 09:44:00 EDT 2010


If I have an account with a brokerage firm, I can do simple things like
"test" how many zeros I can put in, say, a limit order field. It would be
very manual and require a scripted usage of WebScarab.

-----Original Message-----
From: Rogan Dawes [mailto:rogan.dawes at gmail.com] On Behalf Of Rogan Dawes
Sent: Monday, April 12, 2010 9:40 AM
To: owasp-leaders at lists.owasp.org
Cc: McGovern, James F. (P+C Technology)
Subject: Re: [Owasp-leaders] OWASP Consumer Reports Project

On 2010/04/12 3:16 PM, McGovern, James F. (P+C Technology) wrote:

> Criteria would include things like knowing they are running the latest
> patch version of web server software, dns zone transfer, basic input
> validation and other things that are observable as a smart security
> consumer. At no time, would we scan a site without permission.
> 
> Thoughts?

How do you intend to test "basic input validation" without scanning the
site?

Ask Dan about how little you need to do to be considered to be hacking.

Rogan