[Owasp-leaders] OWASP Top-10 update (was: Re: A great story)

Tobias tobias.gondrom at owasp.org
Sat Feb 2 02:31:13 UTC 2013


Hi guys,

actually while we are on the topic of OWASP Top-10.
Are there any plans for a 2013 update of the OWASP Top-10?
Considering the current one is from 2010...

Best regards, Tobias



On 02/02/13 07:55, Jason Johnson wrote:
> Best part is I will be using this in meeting for the government.
> 
> On Feb 1, 2013 5:37 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
> 
>     On 1 Feb 2013, at 22:54, Konstantinos Papapanagiotou wrote:
> 
>         It's truly amazing what we've turned this thread into. :)
>         Despite various formal or informal definitions, I believe that
>         "marketing" wise it's better to talk about the top10 risks
>         rather than the top10 vulnerabilities.
> 
> 
>     I can't agree with Konstantinos more!!! Business executives don't
>     have one fuck to give about vulnerabilities; but you start talking
>     about 'risk' to their business and they are all ears. It is about
>     the relevance to the companies we are trying to assist; not about
>     what it 'technically' is that matters…
> 
> 
> 
>         Can help get heard by executives while the rest will easily
>         think that practically risks are [a result of] technical
>         vulnerabilities.
> 
>         Kostas
> 
>         On 2 Feb 2013, at 0:48, Eoin <eoin.keary at owasp.org> wrote:
> 
>             It's a payload delivery system.
> 
>             Eoin Keary
>             Owasp Global Board
>             +353 87 977 2988
> 
> 
>             On 1 Feb 2013, at 22:33, Jim Manico <jim.manico at owasp.org> wrote:
> 
>                 I do not think of XSS as an attack, XSS is a weakness or
>                 vulnerability.
> 
>                 An attack would be something like "Site Defacement using
>                 XSS".
> 
>                 Aloha,
>                 Jim
> 
>                     Roughly. XSS is used as
>                     xss = weakness, vulnerability, attack (and some more)
> 
> 
>                     On 01.02.2013 22:23, Eoin wrote:
> 
>                         Nope. Risk is impact x probability
>                         Vulns = xss SQLI etc
> 
>                         Eoin Keary
>                         Owasp Global Board
>                         +353 87 977 2988
> 
> 
>                         On 1 Feb 2013, at 20:43, Tom Brennan
>                         <tomb at owasp.org> wrote:
> 
>                             Considering it's risks not vulns., hope he
>                             updates his cards for 2013
> 
> 
>                             On Feb 1, 2013, at 3:39 PM, "Dennis Groves"
>                             <dennis.groves at owasp.org> wrote:
> 
>                                 Hello OWASP,
> 
>                                 I couldn't resist posting this to the
>                                 list! I think that is just pure awesome!
> 
>                                 I ran across this sole proprietor of
>                                 this security firm this week at a local
>                                 security event. He expressed a great
>                                 deal of gratitude and thanked us for all
>                                 the amazing work the community has produced.
> 
>                                 He said he had the OWASP top 10 on the
>                                 back of his business cards since the
>                                 OWASP top 10 was published, but he
>                                 didn't have any with him, so I gave him
>                                 mine and he promised to send me his card
>                                 when he got home.
> 
>                                 And since they are digital, I just had
>                                 to share this with the list. He said
>                                 OWASP helped his micro-business
>                                 enormously because his clients were not
>                                 able to ignore his advice anymore
>                                 because 'the world's security experts'
>                                 were advocating the same practices.
> 
>                                 Anyhow, I love stories about how OWASP
>                                 made a difference for people & I hope
>                                 you do too.
> 
>                                 Dennis
> 
>                                 Dennis Groves, MSc
> 
> 
>                     _________________________________________________
>                     OWASP-Leaders mailing list
>                     OWASP-Leaders at lists.owasp.org
>                     https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
>     -- 
>     [Dennis Groves](http://about.me/dennis.groves), MSc
>     [Email me](mailto:dennis.groves at owasp.org) or [schedule a
>     meeting](http://goo.gl/8sPIy).
> 
>     *This email is licensed under a [CC BY-ND
>     3.0](http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB) license.*
> 
>     **Please do not send me Microsoft Office/Apple iWork documents.**
>     Send [OpenDocument](http://fsf.org/campaigns/opendocument/) instead!
>     Stand up for your freedom to install [free
>     software](http://www.fsf.org/campaigns/secure-boot/statement).
> 


