[Owasp-leaders] Web Service Cheaters!

mark curphey mark at curphey.com
Fri Oct 7 02:06:02 EDT 2011


I have often wondered…whenever I have been outside of Europe and America I am always impressed by the English language skills. Would machine translation be better | acceptable if it happened in near real-time for most people?


On Oct 6, 2011, at 10:19 PM, Thomas Brennan wrote:

> International translation efforts of projects are the talk of the town at APPSECLATAM 2011
> 
> 
> On Oct 7, 2011, at 12:12 AM, mark curphey wrote:
> 
>> Great stuff. Some notes on sections as I digest it
>> 
>> Server Auth
>> 
>> Server Authentication
>> 
>> Transport level authentication verifies the identity of the user or the system trying to connect to the service. Usually, transport authentication is a function of the container of the web service. 
>> Rule - Basic Authentication has to be conducted using HTTP over SSL 
>> Rule - Client Certificate Authentication using HTTP over SSL to be used if the client and server need to authenticate each other
>> 
>> Notes
>> It's called Server auth but talks about user auth, which might be a little confusing. 
>> Is it worth describing mutual TLS auth (or clarifying that there is client auth, server auth and mutual auth options) under the client cert auth?
>> I think the basic auth rule should read "Basic HTTP AuthN should be over TLS/SSL"?
>> 
>> Great stuff, more notes to come…
>> 
>> 
>> 
>> On Oct 6, 2011, at 8:52 PM, Jim Manico wrote:
>> 
>>> Hello Leaders,
>>> 
>>> We just pushed our first version of the Web Service Security cheat sheet here:
>>> 
>>> https://www.owasp.org/index.php/Web_Service_Security_Cheat_Sheet
>>> 
>>> Thanks to Gunnar Peterson for getting us started, to Sherif Koussa for driving it home, and to the many others who helped provide content and suggestions.
>>> 
>>> I would be very grateful if the web service security experts in our community would take a peek (it's a fast read) and provide comments. 
>>> 
>>> Thanks all,
>>> 
>>> -- 
>>> Jim Manico
>>> 
>>> Connections Committee Chair
>>> Cheatsheet Series Product Manager
>>> OWASP Podcast Producer/Host
>>> 
>>> jim at owasp.org
>>> www.owasp.org
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 
> 
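The two rules quoted in this thread (Basic authentication only over TLS/SSL, and client certificates when client and server must authenticate each other), as an added example that is not part of the original messages or of the cheat sheet. The names `server_context`, `basic_over_tls_only` and `demo_check`, the realm, and the credentials are hypothetical and constructed for illustration.

```python
import base64
import hmac
import ssl

def server_context(mutual, certfile=None, keyfile=None, client_ca=None):
    """Server-auth-only TLS context, or mutual auth when `mutual` is true."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if certfile:  # the server's own certificate: what the client authenticates
        ctx.load_cert_chain(certfile, keyfile)
    if mutual:
        ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a client cert
        if client_ca:  # CA(s) allowed to issue client certificates
            ctx.load_verify_locations(cafile=client_ca)
    return ctx

def demo_check(name, password):
    # Constructed credentials, for the example only.
    return name == "svc" and hmac.compare_digest(
        password.encode(), b"constructed-password")

def basic_over_tls_only(app, check_credentials, realm="ws"):
    """WSGI middleware: accept and challenge for Basic credentials only over HTTPS."""
    def middleware(environ, start_response):
        if environ.get("wsgi.url_scheme") != "https":
            # No WWW-Authenticate header here: a challenge over cleartext HTTP
            # would invite the client to send its password unencrypted.
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"TLS required\n"]
        scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
        user = None
        if scheme.lower() == "basic":
            try:
                decoded = base64.b64decode(token, validate=True).decode("utf-8")
                name, sep, password = decoded.partition(":")
                if sep and check_credentials(name, password):
                    user = name
            except ValueError:  # malformed base64 or non-UTF-8 bytes
                pass
        if user is None:
            start_response("401 Unauthorized",
                           [("WWW-Authenticate", 'Basic realm="%s"' % realm)])
            return [b"authentication required\n"]
        environ["REMOTE_USER"] = user
        return app(environ, start_response)
    return middleware
```

Credentials that arrive over plain HTTP have already crossed the network unencrypted by the time the middleware refuses them, so a deployment would also want to log that event and rotate the password.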


