[Owasp-leaders] A great story

Jason Johnson jason.johnson at owasp.org
Fri Feb 1 23:32:42 UTC 2013


Ohhhh we need to document this
On Feb 1, 2013 4:40 PM, "Konstantinos Papapanagiotou" <
konstantinos at owasp.org> wrote:

> That's actually the result (or impact) of the attack. Code injection that
> takes advantage of an XSS vulnerability is the attack vector.
>
> Kostas
>
>
> On 2 Φεβ 2013, at 0:33, Jim Manico <jim.manico at owasp.org> wrote:
>
> > I do not think of XSS as an attack, XSS is a weakness or vulnerability.
> >
> > An attack would be something like "Site Defacement using XSS".
> >
> > Aloha,
> > Jim
> >
> >> Roughly. XSS is used as
> >> xss = weakness, vulnerability, attack (and some more)
> >>
> >>
> >> Am 01.02.2013 22:23, schrieb Eoin:
> >>> Nope. Risk is impact x probability
> >>> Vulns = xss SQLI etc
> >>>
> >>> Eoin Keary
> >>> Owasp Global Board
> >>> +353 87 977 2988
> >>>
> >>>
> >>> On 1 Feb 2013, at 20:43, Tom Brennan <tomb at owasp.org> wrote:
> >>>
> >>>> Considering its risks not vulns., hope he updates his cards for 2013
> >>>>
> >>>>
> >>>> On Feb 1, 2013, at 3:39 PM, "Dennis Groves" <dennis.groves at owasp.org>
> wrote:
> >>>>
> >>>>> Hello OWASP,
> >>>>>
> >>>>> I couldn't resist posting this to the list! I think that is just
> pure awesome!
> >>>>>
> >>>>> I ran across this sole proprietor of this security firm this week at
> a local security event. He expressed a great deal of gratitude and thanked
> us for all the amazing work the community has produced.
> >>>>>
> >>>>> He said he had the OWASP top 10 on the back of his business cards
> since the OWASP top 10 was published, but he didn't have any with him, so I
> gave him mine and promised to send me his card when he got home.
> >>>>>
> >>>>> And since they are digital, I just had to share this with the list.
> He said OWASP helped his micro-business enormously because his clients were
> not able to ignore his advice anymore because 'the worlds security experts'
> were advocating the same practices.
> >>>>>
> >>>>> Anyhow, I love stories about how OWASP made a difference for people
> & I hope you do too.
> >>>>>
> >>>>> Dennis
> >>>>>
> >>>>> Dennis Groves, MSc
> >>
> >> _______________________________________________
> >> OWASP-Leaders mailing list
> >> OWASP-Leaders at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130201/f4483032/attachment.html>


More information about the OWASP-Leaders mailing list