[Owasp-leaders] OWASP Top-10 update (was: Re: A great story)

Jim Manico jim.manico at owasp.org
Sat Feb 2 10:43:13 UTC 2013


Dave Wichers is on it. The Top Ten 2013 will go out in March.

Aloha Tobias,

--
Jim Manico
@Manicode
(808) 652-3805

On Feb 1, 2013, at 8:04 PM, Jason Johnson <jason.johnson at owasp.org> wrote:

When corporations start moving application security to the forefront and
make it a priority

On Feb 1, 2013 8:31 PM, "Tobias" <tobias.gondrom at owasp.org> wrote:

> Hi guys,
>
> actually while we are on the topic of OWASP Top-10.
> Are there any plans for a 2013 update of the OWASP Top-10?
> Considering the current one is from 2010...
>
> Best regards, Tobias
>
>
>
> On 02/02/13 07:55, Jason Johnson wrote:
> > Best part is I will be using this in meeting for the government.
> >
> > On Feb 1, 2013 5:37 PM, "Dennis Groves" <dennis.groves at owasp.org> wrote:
> >
> >     On 1 Feb 2013, at 22:54, Konstantinos Papapanagiotou wrote:
> >
> >         It's truly amazing what we've turned this thread into. :)
> >         Despite various formal or informal definitions, I believe that
> >         "marketing" wise it's better to talk about the top10 risks
> >         rather than the top10 vulnerabilities.
> >
> >
> >     I can't agree with Konstantinos more!!! Business executives don't
> >     have one fuck to give about vulnerabilities; but you start talking
> >     about 'risk' to their business and they are all ears. It is about
> >     the relevance to the companies we are trying to assist; not about
> >     what it 'technically' is that matters...
> >
> >
> >
> >         Can help get heard by executives while the rest will easily
> >         think that practically risks are [a result of] technical
> >         vulnerabilities.
> >
> >         Kostas
> >
> >         On 2 Feb 2013, at 0:48, Eoin <eoin.keary at owasp.org> wrote:
> >
> >             It's a payload delivery system.
> >
> >             Eoin Keary
> >             Owasp Global Board
> >             +353 87 977 2988
> >
> >
> >             On 1 Feb 2013, at 22:33, Jim Manico <jim.manico at owasp.org> wrote:
> >
> >                 I do not think of XSS as an attack, XSS is a weakness or
> >                 vulnerability.
> >
> >                 An attack would be something like "Site Defacement using
> >                 XSS".
> >
> >                 Aloha,
> >                 Jim
> >
> >                     Roughly. XSS is used as
> >                     xss = weakness, vulnerability, attack (and some more)
> >
> >
> >                     On 01.02.2013 22:23, Eoin wrote:
> >
> >                         Nope. Risk is impact x probability
> >                         Vulns = xss SQLI etc
> >
> >                         Eoin Keary
> >                         Owasp Global Board
> >                         +353 87 977 2988
> >
> >
> >                         On 1 Feb 2013, at 20:43, Tom Brennan <tomb at owasp.org> wrote:
> >
> >                             Considering it's risks not vulns., hope he
> >                             updates his cards for 2013
> >
> >
> >                             On Feb 1, 2013, at 3:39 PM, "Dennis Groves"
> >                             <dennis.groves at owasp.org> wrote:
> >
> >                                 Hello OWASP,
> >
> >                                 I couldn't resist posting this to the
> >                                 list! I think that is just pure awesome!
> >
> >                                 I ran across this sole proprietor of
> >                                 this security firm this week at a local
> >                                 security event. He expressed a great
> >                                 deal of gratitude and thanked us for all
> >                                 the amazing work the community has
> >                                 produced.
> >
> >                                 He said he had the OWASP top 10 on the
> >                                 back of his business cards since the
> >                                 OWASP top 10 was published, but he
> >                                 didn't have any with him, so I gave him
> >                                 mine and promised to send me his card
> >                                 when he got home.
> >
> >                                 And since they are digital, I just had
> >                                 to share this with the list. He said
> >                                 OWASP helped his micro-business
> >                                 enormously because his clients were not
> >                                 able to ignore his advice anymore
> >                                 because 'the world's security experts'
> >                                 were advocating the same practices.
> >
> >                                 Anyhow, I love stories about how OWASP
> >                                 made a difference for people & I hope
> >                                 you do too.
> >
> >                                 Dennis
> >
> >                                 Dennis Groves, MSc
> >
> >
> >                     _________________________________________________
> >                     OWASP-Leaders mailing list
> >                     OWASP-Leaders at lists.owasp.org
> >                     https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> >     --
> >     [Dennis Groves](http://about.me/dennis.groves), MSc
> >     [Email me](mailto:dennis.groves at owasp.org) or [schedule a
> >     meeting](http://goo.gl/8sPIy).
> >
> >     *This email is licensed under a [CC BY-ND
> >     3.0](http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB) license.*
> >
> >     **Please do not send me Microsoft Office/Apple iWork documents.**
> >     Send [OpenDocument](http://fsf.org/campaigns/opendocument/) instead!
> >     Stand up for your freedom to install [free
> >     software](http://www.fsf.org/campaigns/secure-boot/statement).