[Owasp-leaders] OWASP Top 10 2012

Jim Manico jim.manico at owasp.org
Fri Oct 7 11:04:36 EDT 2011


Exactly! First of all, Troy Hunt is a total rockstar. He is mirroring
the OWASP Top Ten in a way that is 100% .NET branded for .NET
developers with .NET solutions.

Even if the actual high-level items are the same as the general Top
Ten, the language branded versions reach developers and speak to
developers in a pretty deep way.

The devil is in the detail - and unlike the general Top Ten, Troy's
work provides fairly deep prescriptive language-specific solutions.

There are several bloggers (Melton?) who have pushed out Java centric
Top Ten literature. The groundwork is out there. I'd love to see a
group managed by Dave's penchant for detail to produce (at least)
official OWASP Java, .NET and PHP Top Ten documents. I think this is
a better approach than just providing language specific examples in
the general doc for the sake of deeply influencing developers.

IMO,
--
Jim Manico
(808) 652-3805

On Oct 7, 2011, at 9:53 AM, Mark Curphey <mark at curphey.com> wrote:

> Troy Hunt has already done a series on T10 and .NET. He's a .NET security MVP. I am sure he'll donate. Shall I ask him?
>
> Sent from my iPhone
>
> On Oct 7, 2011, at 7:21 AM, Jim Manico <jim.manico at owasp.org> wrote:
>
>> Yes, you are right on. It's a crucial way to influence developers more
>> - and influencing developers is the real mission of OWASP from days of
>> yore. Shall we get started? I'll lend a hand.
>>
>> --
>> Jim Manico
>> (808) 652-3805
>>
>> On Oct 7, 2011, at 9:18 AM, Erwin Geirnaert
>> <erwin.geirnaert at zionsecurity.com> wrote:
>>
>>> Hi list,
>>>
>>> During some discussions this week with Java developers while giving a security training I got the following remark: "why are there so many ASP.NET/PHP issues in the OWASP Top 10, is Java more secure"?
>>>
>>> So what I propose is to create a specific OWASP Top 10 for different technologies: Microsoft, Java, PHP and we can still have one global Top 10.
>>> Of course based on the CVE database but it will be more clear for the developers and I think that the OWASP Top 10 for Java will be very different than OWASP Top 10 for PHP.
>>>
>>> Best regards,
>>>
>>> Erwin
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders

