[Owasp-leaders] A great story

Eoin eoin.keary at owasp.org
Fri Feb 1 22:48:50 UTC 2013


It's a payload delivery system. 

Eoin Keary
Owasp Global Board
+353 87 977 2988


On 1 Feb 2013, at 22:33, Jim Manico <jim.manico at owasp.org> wrote:

> I do not think of XSS as an attack, XSS is a weakness or vulnerability.
> 
> An attack would be something like "Site Defacement using XSS".
> 
> Aloha,
> Jim
> 
>> Roughly. XSS is used as
>> xss = weakness, vulnerability, attack (and some more)
>> 
>> 
>> Am 01.02.2013 22:23, schrieb Eoin:
>>> Nope. Risk is impact x probability
>>> Vulns = xss SQLI etc
>>> 
>>> Eoin Keary
>>> Owasp Global Board
>>> +353 87 977 2988
>>> 
>>> 
>>> On 1 Feb 2013, at 20:43, Tom Brennan <tomb at owasp.org> wrote:
>>> 
>>>> Considering its risks not vulns., hope he updates his cards for 2013
>>>> 
>>>> 
>>>> On Feb 1, 2013, at 3:39 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
>>>> 
>>>>> Hello OWASP,
>>>>> 
>>>>> I couldn't resist posting this to the list! I think that is just pure awesome!
>>>>> 
>>>>> I ran across this sole proprietor of this security firm this week at a local security event. He expressed a great deal of gratitude and thanked us for all the amazing work the community has produced.
>>>>> 
>>>>> He said he had the OWASP top 10 on the back of his business cards since the OWASP top 10 was published, but he didn't have any with him, so I gave him mine and promised to send me his card when he got home.
>>>>> 
>>>>> And since they are digital, I just had to share this with the list. He said OWASP helped his micro-business enormously because his clients were not able to ignore his advice anymore because 'the worlds security experts' were advocating the same practices.
>>>>> 
>>>>> Anyhow, I love stories about how OWASP made a difference for people & I hope you do too.
>>>>> 
>>>>> Dennis
>>>>> 
>>>>> Dennis Groves, MSc
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 


More information about the OWASP-Leaders mailing list