[Owasp-leaders] Reaching developers = cooperative hackathons

James McGovern JMcGovern at virtusa.com
Tue Sep 14 13:57:46 EDT 2010


1. Mobile apps would have different characteristics around supporting encryption
2. Are there specialized attacks such as knowing "where" that matter more in a mobile browser? 
3. Mobile can have the potential of a lot more intermediaries

James McGovern
Insurance SBU 
Virtusa Corporation
100 Northfield Drive, Suite 305 | Windsor, CT | 06095
Phone:  860 688 9900 Ext:  1037 | Facsimile:  860 688 2890  
    


-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Michael Coates
Sent: Saturday, September 11, 2010 5:41 PM
To: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] Reaching developers = cooperative hackathons

This will be an interesting issue to deal with.  Where are the
boundaries of responsibility when thinking about the Mobile Top 10?
Consider the scenario where a mobile app allows data to be submitted to
a webserver and that data then results in an XSS attack which affects
both mobile browsers and traditional browsers.  The vulnerability can be
exploited to target both mobile browser users and computer-based
browsers. So if we were to develop a top 10 for mobile, could we
realistically discount this scenario?

I don't think we need to necessarily debate the issue here, but it is
something for the mobile top 10 team to think about. How are these
crossover issues between traditional browsers and mobile apps/browsers
handled?


Michael Coates
OWASP
