[Owasp-leaders] New OWASP project

dinis cruz dinis.cruz at owasp.org
Mon Oct 31 21:24:03 EDT 2011


In the future, I also would like to use this project's db and
infrastructure to map (for example) the hashes of framework files
(JavaScript, java, c#) for the cases where is public info about its
security status/scorecard

Dinis Cruz

On 1 Nov 2011, at 01:17, Jim Manico <jim.manico at owasp.org> wrote:

> This project is an open source database to aid in malware detection.
> Detecting malware is a crucial defensive mechanism when building file
> upload services.
> Providing good application security tools for developers helps aid our
> mission of spreading awareness.
>
> - Jim
>
>> Avoiding the obvious of MD5 pseudo ciollisions, SHA-1 and storing a digest on the same physical location as the object file (i.e. any good security architect is going have a field day), what has this got to do with making application security visible?
>>
>> On Oct 31, 2011, at 5:39 PM, Mark Bristow wrote:
>>
>>> I disagree I think it squarely supports the AppSec mission.
>>>
>>> Best of luck Lucas and team.
>>>
>>> Mark Bristow
>>> Global Conferences Committee, Chair
>>> mark.bristow at owasp.org
>>> (703) 596-5175
>>>
>>> Sent concisely from my wireless device
>>>
>>> ----- Reply message -----
>>> From: "Christian Heinrich" <christian.heinrich at owasp.org>
>>> To: "Jim Manico" <jim.manico at owasp.org>
>>> Cc: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>
>>> Subject: [Owasp-leaders] New OWASP project
>>> Date: Mon, Oct 31, 2011 8:15 pm
>>>
>>>
>>>
>>> Jim,
>>>
>>> No disrespect to the Lucas but Mark does have a point i.e. the project is not directly related to webappsec or appsec.
>>>
>>> It could be brought into scope if it focused on files related to web servers e.g. IIS and web applications e.g. Wordpress.
>>>
>>>
>>> On Tue, Nov 1, 2011 at 10:58 AM, Jim Manico <jim.manico at owasp.org> wrote:
>>> A better question is, is there any reason why OWASP should not be doing
>>> this?
>>>
>>> We need to encourage new projects and err on the side of welcoming
>>> volunteers who are willing to actually do some work!
>>>
>>> - Jim
>>>
>>>> Hiya, sorry if I am missing something obvious but why is owasp doing this ?
>>>>
>>>> Sent from my Phone
>>>>
>>>> On Oct 31, 2011, at 4:48 PM, Lucas Ferreira <lucas.ferreira at owasp.org> wrote:
>>>>
>>>>> Dear fellow leaders,
>>>>>
>>>>> I'd like to announce a new OWASP project, the OWASP File Hash
>>>>> Repository (https://www.owasp.org/index.php/OWASP_File_Hash_Repository).
>>>>> Its descritption is:
>>>>>
>>>>> The goal of this project is to build a repository of hashes of
>>>>> executable and source files. This repository can then be queried by
>>>>> clients to determine the status os of files based on their hashes.
>>>>> Some statuses are GOOD, MALWARE, SOURCE CHECKED, etc. This repository
>>>>> can consolidate several available sources (NIST, MHR, VirusTotal, etc)
>>>>> and provide better query capabilities.
>>>>>
>>>>> The project mailing list is available here:
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-file-hash-repository,
>>>>> or contact me directly if you have questions or comments.
>>>>>
>>>>> Best regards,
>>>>>
>>>>> Lucas
>>>>>
>>>>> --
>>>>> Homo sapiens non urinat in ventum.
>>>>> _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>> --
>>> Jim Manico
>>>
>>> Connections Committee Chair
>>> Cheatsheet Series Product Manager
>>> OWASP Podcast Producer/Host
>>>
>>> jim at owasp.org
>>> www.owasp.org
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>> --
>>> Regards,
>>> Christian Heinrich
>>> http://www.owasp.org/index.php/user:cmlh
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
> --
> Jim Manico
>
> Connections Committee Chair
> Cheatsheet Series Product Manager
> OWASP Podcast Producer/Host
>
> jim at owasp.org
> www.owasp.org
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders


More information about the OWASP-Leaders mailing list