[Owasp-leaders] OWASP Top-10 update (was: Re: A great story)
Tobias
tobias.gondrom at owasp.org
Sat Feb 2 02:31:13 UTC 2013
Hi guys,
actually while we are on the topic of OWASP Top-10.
Are there any plans for a 2013 update of the OWASP Top-10?
Considering the current one is from 2010...
Best regards, Tobias
On 02/02/13 07:55, Jason Johnson wrote:
> Best part is I will be using this in meeting for the government.
>
> On Feb 1, 2013 5:37 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
>
> On 1 Feb 2013, at 22:54, Konstantinos Papapanagiotou wrote:
>
> It's truly amazing what we've turned this thread into. :)
> Despite various formal or informal definitions, I believe that
> "marketing" wise it's better to talk about the top10 risks
> rather than the top10 vulnerabilities.
>
>
> I can't agree with Konstantinos more!!! Business executives don't
> have one fuck to give about vulnerabilities; but you start talking
> about 'risk' to their business and they are all ears. It is about
> the relevance to the companies we are trying to assist; not about
> what it 'technically' is that matters…
>
>
>
> Can help get heard by executives while the rest will easily
> think that practically risks are [a result of] technical
> vulnerabilities.
>
> Kostas
>
> On 2 Feb 2013, at 0:48, Eoin <eoin.keary at owasp.org> wrote:
>
> It's a payload delivery system.
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 1 Feb 2013, at 22:33, Jim Manico <jim.manico at owasp.org> wrote:
>
> I do not think of XSS as an attack, XSS is a weakness or
> vulnerability.
>
> An attack would be something like "Site Defacement using
> XSS".
>
> Aloha,
> Jim
>
> Roughly. XSS is used as
> xss = weakness, vulnerability, attack (and some more)
>
>
> On 01.02.2013 22:23, Eoin wrote:
>
> Nope. Risk is impact x probability
> Vulns = xss SQLI etc
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 1 Feb 2013, at 20:43, Tom Brennan <tomb at owasp.org> wrote:
>
> Considering it's risks not vulns., hope he
> updates his cards for 2013
>
>
> On Feb 1, 2013, at 3:39 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
>
> Hello OWASP,
>
> I couldn't resist posting this to the
> list! I think that is just pure awesome!
>
> I ran across this sole proprietor of
> this security firm this week at a local
> security event. He expressed a great
> deal of gratitude and thanked us for all
> the amazing work the community has produced.
>
> He said he had the OWASP top 10 on the
> back of his business cards since the
> OWASP top 10 was published, but he
> didn't have any with him, so I gave him
> mine and he promised to send me his card
> when he got home.
>
> And since they are digital, I just had
> to share this with the list. He said
> OWASP helped his micro-business
> enormously because his clients were not
> able to ignore his advice anymore
> because 'the world's security experts'
> were advocating the same practices.
>
> Anyhow, I love stories about how OWASP
> made a difference for people & I hope
> you do too.
>
> Dennis
>
> Dennis Groves, MSc
>
>
> _________________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
> --
> [Dennis Groves](http://about.me/dennis.groves), MSc
> [Email me](mailto:dennis.groves at owasp.org) or [schedule a
> meeting](http://goo.gl/8sPIy).
>
> *This email is licensed under a [CC BY-ND
> 3.0](http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB) license.*
>
> **Please do not send me Microsoft Office/Apple iWork documents.**
> Send [OpenDocument](http://fsf.org/campaigns/opendocument/) instead!
> Stand up for your freedom to install [free
> software](http://www.fsf.org/campaigns/secure-boot/statement).