[Owasp-leaders] New OWASP project

mark curphey mark at curphey.com
Mon Oct 31 20:58:25 EDT 2011


Avoiding the obvious of MD5 pseudo collisions, SHA-1 and storing a digest on the same physical location as the object file (i.e. any good security architect is going to have a field day), what has this got to do with making application security visible?

On Oct 31, 2011, at 5:39 PM, Mark Bristow wrote:

> I disagree; I think it squarely supports the AppSec mission.
> 
> Best of luck Lucas and team.
> 
> Mark Bristow
> Global Conferences Committee, Chair
> mark.bristow at owasp.org
> (703) 596-5175
> 
> Sent concisely from my wireless device
> 
> ----- Reply message -----
> From: "Christian Heinrich" <christian.heinrich at owasp.org>
> To: "Jim Manico" <jim.manico at owasp.org>
> Cc: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>
> Subject: [Owasp-leaders] New OWASP project
> Date: Mon, Oct 31, 2011 8:15 pm
> 
> 
> 
> Jim,
> 
> No disrespect to Lucas but Mark does have a point, i.e. the project is not directly related to webappsec or appsec.
> 
> It could be brought into scope if it focused on files related to web servers e.g. IIS and web applications e.g. Wordpress.
> 
> 
> On Tue, Nov 1, 2011 at 10:58 AM, Jim Manico <jim.manico at owasp.org> wrote:
> A better question is, is there any reason why OWASP should not be doing
> this?
> 
> We need to encourage new projects and err on the side of welcoming
> volunteers who are willing to actually do some work!
> 
> - Jim
> 
> > Hiya, sorry if I am missing something obvious but why is OWASP doing this?
> >
> > Sent from my Phone
> >
> > On Oct 31, 2011, at 4:48 PM, Lucas Ferreira <lucas.ferreira at owasp.org> wrote:
> >
> >> Dear fellow leaders,
> >>
> >> I'd like to announce a new OWASP project, the OWASP File Hash
> >> Repository (https://www.owasp.org/index.php/OWASP_File_Hash_Repository).
> >> Its description is:
> >>
> >> The goal of this project is to build a repository of hashes of
> >> executable and source files. This repository can then be queried by
> >> clients to determine the status of files based on their hashes.
> >> Some statuses are GOOD, MALWARE, SOURCE CHECKED, etc. This repository
> >> can consolidate several available sources (NIST, MHR, VirusTotal, etc)
> >> and provide better query capabilities.
> >>
> >> The project mailing list is available here:
> >> https://lists.owasp.org/mailman/listinfo/owasp-file-hash-repository,
> >> or contact me directly if you have questions or comments.
> >>
> >> Best regards,
> >>
> >> Lucas
> >>
> >> --
> >> Homo sapiens non urinat in ventum.
> >> _______________________________________________
> >> OWASP-Leaders mailing list
> >> OWASP-Leaders at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 
> --
> Jim Manico
> 
> Connections Committee Chair
> Cheatsheet Series Product Manager
> OWASP Podcast Producer/Host
> 
> jim at owasp.org
> www.owasp.org
> 
> 
> 
> 
> -- 
> Regards,
> Christian Heinrich
> http://www.owasp.org/index.php/user:cmlh
> 
> 


