[Owasp-leaders] OWASP Top 10 2012

Venkatesh Jagannathan venki at owasp.org
Fri Oct 7 10:28:54 EDT 2011


Hi Erwin,
    I slightly disagree here. Whatever issue is present in .NET, the same
can be replated very much in Java. When I give trainning on writing secure
code, based on top 10, i provide samples on both .net & java way.
To me, creating a seperate material for java/.net would at some point in
time end up in too many "issuelets" that are language specific and dilute
the concept of OWASP top 10.

I think the way we should address this is: Provide examples in all languages
would make more sense than creating one for each language :)

Thanks & Regards,
~Venki

On Fri, Oct 7, 2011 at 7:47 PM, Erwin Geirnaert <
erwin.geirnaert at zionsecurity.com> wrote:

>  Hi list,
>
> During some discussions this week with Java developers while giving a
> security training I got the following remark: "why are there so many
> ASP.NET/PHP <http://asp.net/PHP> issues in the OWASP Top 10, is Java more
> secure"?
>
> So what I propose is to create a specific OWASP Top 10 for different
> technologies: Microsoft, Java, PHP and we can still have one global Top 10.
> Ofcourse based on the CVE database but it will be more clear for the
> developers and I think that the OWASP Top 10 for Java will be very different
> than OWASP Top 10 for PHP.
>
> Best regards,
>
> Erwin
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20111007/f6c266ea/attachment.html 


More information about the OWASP-Leaders mailing list