[Owasp-leaders] Attack Surface Analysis

Eoin eoin.keary at owasp.org
Sat Sep 1 12:14:14 UTC 2012


It would be nice to include some attack surface analysis on mobile?
This can be pretty low-level stuff such as inter-component comms, component privilege, SSL sec, etc.
Would that fit at all?
Eoin




Eoin Keary
Owasp Global Board
+353 87 977 2988


On 1 Sep 2012, at 06:15, vanderaj vanderaj <vanderaj at owasp.org> wrote:

> I like to see "Stories", with a fairly straightforward path from start to middle to finish. In a cheat sheet, this means a short story amount of exposition and character development. 
> 
> Why - what use case does this cheat sheet apply to. It's currently called Introduction, but I think it should answer the question - "why should I care about defining and measuring the attack surface". 
> 
> The How is answered fully, and that requires little attention, but as it's a process, a simple process diagram would be nice. 
> 
> The What is currently an abstract list, so an example illustrating the point using a use case that we'd all be familiar with; something like a Fandango or Expedia type of site - i.e. defining the critical data assets (cc data, booking details, etc) and critical flows (finding something, making a booking, checking out, customer service). 
> 
> The Who is not really answered. Who would undertake this task? In my personal view, this is a security architect and pen tester, but developers should be able to self-assess.
> 
> Other than that, I think it's a fine final draft that I would be proud of if I had written it. Good work, fellas! 
> 
> thanks,
> Andrew
> 
> On Sat, Sep 1, 2012 at 1:40 PM, Jim Manico <jim.manico at owasp.org> wrote:
> Andrew,
> 
> What changes do we need to get this out of draft mode? Send us more feedback (off the leaders list) and we will address it.
> 
> Aloha,
> 
> 
> --
> Jim Manico
> (808) 652-3805
> 
> On Aug 31, 2012, at 6:39 PM, vanderaj vanderaj <vanderaj at owasp.org> wrote:
> 
>> Nice. I like it. 
>> 
>> How does it get out of draft? This is around beta quality in my view. 
>> 
>> thanks,
>> Andrew
>> 
>> On Tue, Aug 28, 2012 at 9:26 AM, Jim Manico <jim.manico at owasp.org> wrote:
>> Jim Bird was kind enough to author one of the first "attacker" cheat
>> sheets on attack surface analysis.
>> 
>> Comments are greatly appreciated!
>> 
>> https://www.owasp.org/index.php/Attack_Surface_Analysis_Cheat_Sheet
>> 
>> --
>> Jim Manico
>> (808) 652-3805
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 
> 