[Owasp-leaders] New OWASP project

Jim Manico jim.manico at owasp.org
Mon Oct 31 21:16:56 EDT 2011


This project is an open source database to aid in malware detection.
Detecting malware is a crucial defensive mechanism when building file
upload services.
Providing good application security tools for developers helps aid our
mission of spreading awareness.

- Jim

> Avoiding the obvious of MD5 pseudo ciollisions, SHA-1 and storing a digest on the same physical location as the object file (i.e. any good security architect is going have a field day), what has this got to do with making application security visible?
>
> On Oct 31, 2011, at 5:39 PM, Mark Bristow wrote:
>
>> I disagree I think it squarely supports the AppSec mission.
>>
>> Best of luck Lucas and team.
>>
>> Mark Bristow
>> Global Conferences Committee, Chair
>> mark.bristow at owasp.org
>> (703) 596-5175
>>
>> Sent concisely from my wireless device
>>
>> ----- Reply message -----
>> From: "Christian Heinrich" <christian.heinrich at owasp.org>
>> To: "Jim Manico" <jim.manico at owasp.org>
>> Cc: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>
>> Subject: [Owasp-leaders] New OWASP project
>> Date: Mon, Oct 31, 2011 8:15 pm
>>
>>
>>
>> Jim,
>>
>> No disrespect to the Lucas but Mark does have a point i.e. the project is not directly related to webappsec or appsec.
>>
>> It could be brought into scope if it focused on files related to web servers e.g. IIS and web applications e.g. Wordpress.
>>
>>
>> On Tue, Nov 1, 2011 at 10:58 AM, Jim Manico <jim.manico at owasp.org> wrote:
>> A better question is, is there any reason why OWASP should not be doing
>> this?
>>
>> We need to encourage new projects and err on the side of welcoming
>> volunteers who are willing to actually do some work!
>>
>> - Jim
>>
>>> Hiya, sorry if I am missing something obvious but why is owasp doing this ?
>>>
>>> Sent from my Phone
>>>
>>> On Oct 31, 2011, at 4:48 PM, Lucas Ferreira <lucas.ferreira at owasp.org> wrote:
>>>
>>>> Dear fellow leaders,
>>>>
>>>> I'd like to announce a new OWASP project, the OWASP File Hash
>>>> Repository (https://www.owasp.org/index.php/OWASP_File_Hash_Repository).
>>>> Its descritption is:
>>>>
>>>> The goal of this project is to build a repository of hashes of
>>>> executable and source files. This repository can then be queried by
>>>> clients to determine the status os of files based on their hashes.
>>>> Some statuses are GOOD, MALWARE, SOURCE CHECKED, etc. This repository
>>>> can consolidate several available sources (NIST, MHR, VirusTotal, etc)
>>>> and provide better query capabilities.
>>>>
>>>> The project mailing list is available here:
>>>> https://lists.owasp.org/mailman/listinfo/owasp-file-hash-repository,
>>>> or contact me directly if you have questions or comments.
>>>>
>>>> Best regards,
>>>>
>>>> Lucas
>>>>
>>>> --
>>>> Homo sapiens non urinat in ventum.
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>> --
>> Jim Manico
>>
>> Connections Committee Chair
>> Cheatsheet Series Product Manager
>> OWASP Podcast Producer/Host
>>
>> jim at owasp.org
>> www.owasp.org
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>> -- 
>> Regards,
>> Christian Heinrich
>> http://www.owasp.org/index.php/user:cmlh
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders


-- 
Jim Manico

Connections Committee Chair
Cheatsheet Series Product Manager
OWASP Podcast Producer/Host

jim at owasp.org
www.owasp.org



More information about the OWASP-Leaders mailing list