[Owasp-leaders] A great story

Eoin eoin.keary at owasp.org
Fri Feb 1 23:04:49 UTC 2013


Nope. 
Result is losing stuff.
Attack is malicious script
XSS is delivery mechanism

That's how I see the world anyways.


Eoin Keary
Owasp Global Board
+353 87 977 2988


On 1 Feb 2013, at 22:54, Konstantinos Papapanagiotou <konstantinos at owasp.org> wrote:

> It's truly amazing what we've turned this thread into. :)
> Despite various formal or informal definitions, I believe that "marketing"-wise it's better to talk about the top 10 risks rather than the top 10 vulnerabilities. Can help get heard by executives while the rest will easily think that practically risks are [a result of] technical vulnerabilities.
> 
> Kostas
> 
> On 2 Feb 2013, at 0:48, Eoin <eoin.keary at owasp.org> wrote:
> 
>> It's a payload delivery system. 
>> 
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>> 
>> 
>> On 1 Feb 2013, at 22:33, Jim Manico <jim.manico at owasp.org> wrote:
>> 
>>> I do not think of XSS as an attack, XSS is a weakness or vulnerability.
>>> 
>>> An attack would be something like "Site Defacement using XSS".
>>> 
>>> Aloha,
>>> Jim
>>> 
>>>> Roughly. XSS is used as
>>>> xss = weakness, vulnerability, attack (and some more)
>>>> 
>>>> 
>>>> On 01.02.2013 22:23, Eoin wrote:
>>>>> Nope. Risk is impact x probability
>>>>> Vulns = XSS, SQLi, etc.
>>>>> 
>>>>> Eoin Keary
>>>>> Owasp Global Board
>>>>> +353 87 977 2988
>>>>> 
>>>>> 
>>>>> On 1 Feb 2013, at 20:43, Tom Brennan <tomb at owasp.org> wrote:
>>>>> 
>>>>>> Considering it's risks not vulns, hope he updates his cards for 2013
>>>>>> 
>>>>>> 
>>>>>> On Feb 1, 2013, at 3:39 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
>>>>>> 
>>>>>>> Hello OWASP,
>>>>>>> 
>>>>>>> I couldn't resist posting this to the list! I think that is just pure awesome!
>>>>>>> 
>>>>>>> I ran across this sole proprietor of this security firm this week at a local security event. He expressed a great deal of gratitude and thanked us for all the amazing work the community has produced.
>>>>>>> 
>>>>>>> He said he had the OWASP top 10 on the back of his business cards since the OWASP top 10 was published, but he didn't have any with him, so I gave him mine and he promised to send me his card when he got home.
>>>>>>> 
>>>>>>> And since they are digital, I just had to share this with the list. He said OWASP helped his micro-business enormously because his clients were not able to ignore his advice anymore because 'the world's security experts' were advocating the same practices.
>>>>>>> 
>>>>>>> Anyhow, I love stories about how OWASP made a difference for people & I hope you do too.
>>>>>>> 
>>>>>>> Dennis
>>>>>>> 
>>>>>>> Dennis Groves, MSc
>>>> 
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders

