[Owasp-leaders] OWASP Top 10 2012

Venkatesh Jagannathan venki at owasp.org
Fri Oct 7 10:30:21 EDT 2011


If you still decide on creating language specific issues, I am still game :)

I can contribute code samples and any kind of help you may need.

Thanks & Regards,
~Venki

On Fri, Oct 7, 2011 at 7:58 PM, Venkatesh Jagannathan <venki at owasp.org>wrote:

> Hi Erwin,
>     I slightly disagree here. Whatever issue is present in .NET, the same
> can be replated very much in Java. When I give trainning on writing secure
> code, based on top 10, i provide samples on both .net & java way.
> To me, creating a seperate material for java/.net would at some point in
> time end up in too many "issuelets" that are language specific and dilute
> the concept of OWASP top 10.
>
> I think the way we should address this is: Provide examples in all
> languages would make more sense than creating one for each language :)
>
> Thanks & Regards,
> ~Venki
>
>   On Fri, Oct 7, 2011 at 7:47 PM, Erwin Geirnaert <
> erwin.geirnaert at zionsecurity.com> wrote:
>
>>   Hi list,
>>
>> During some discussions this week with Java developers while giving a
>> security training I got the following remark: "why are there so many
>> ASP.NET/PHP <http://asp.net/PHP> issues in the OWASP Top 10, is Java more
>> secure"?
>>
>> So what I propose is to create a specific OWASP Top 10 for different
>> technologies: Microsoft, Java, PHP and we can still have one global Top 10.
>> Ofcourse based on the CVE database but it will be more clear for the
>> developers and I think that the OWASP Top 10 for Java will be very different
>> than OWASP Top 10 for PHP.
>>
>> Best regards,
>>
>> Erwin
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20111007/75241096/attachment.html 


More information about the OWASP-Leaders mailing list