[Owasp-leaders] Attack Surface Analysis
eoin.keary at owasp.org
Sat Sep 1 12:14:14 UTC 2012
It would be nice to include some attack surface analysis on mobile?
This can be pretty low level stuff such as inter-component comms, component privilege, ssl sec etc.
Would that fit at all?
Owasp Global Board
+353 87 977 2988
On 1 Sep 2012, at 06:15, vanderaj vanderaj <vanderaj at owasp.org> wrote:
> I like to see "Stories", with a fairly straightforward path from start to middle to finish. In a cheat sheet, this means a short story amount of exposition and character development.
> Why - what use case does this cheat sheet apply to? It's currently called Introduction, but I think it should answer the question - "why should I care about defining and measuring the attack surface".
> The How is answered fully, and that requires little attention, but as it's a process, a simple process diagram would be nice.
> The What is currently an abstract list, so an example illustrating the point using a use case that we'd all be familiar with; something like a Fandango or Expedia type of site - i.e. defining the critical data assets (cc data, booking details, etc.) and critical flows (finding something, making a booking, checking out, customer service).
> The Who is not really answered. Who would undertake this task? In my personal view, this is a security architect and pen tester, but developers should be able to self-assess.
> Other than that, I think it's a fine final draft that I would be proud of if I had written it. Good work, fellas!
> On Sat, Sep 1, 2012 at 1:40 PM, Jim Manico <jim.manico at owasp.org> wrote:
> What changes do we need to get this out of draft mode? Send us more feedback (off the leaders list) and we will address it.
> Jim Manico
> (808) 652-3805
> On Aug 31, 2012, at 6:39 PM, vanderaj vanderaj <vanderaj at owasp.org> wrote:
>> Nice. I like it.
>> How does it get out of draft? This is around beta quality in my view.
>> On Tue, Aug 28, 2012 at 9:26 AM, Jim Manico <jim.manico at owasp.org> wrote:
>> Jim Bird was kind enough to author one of the first "attacker" cheat
>> sheets on attack surface analysis.
>> Comments are greatly appreciated!
>> Jim Manico
>> (808) 652-3805
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org