[Owasp-leaders] The OWASP Periodic Table Project

Jim Manico jim.manico at owasp.org
Tue Mar 5 20:47:46 UTC 2013

Input validation is not the right control for SQL Injection, Dennis. https://www.owasp.org/index.php/Query_Parameterization_Cheat_Sheet

But otherwise you are right on. What you describe below is the direction I think James will be taking this.

Definitely a project to watch in my opinion.


- Jim Manico

> On 5 Mar 2013, at 20:35, Eoin wrote:
>> So the periodic table is a list of vulns right? Best we share the work
>> we did on the owasp common numbering system?
> Not a list of vulns, the periodic table is a taxonomy of similarities.
> Gases, liquids, solids etc… I imagine a taxonomy of vulns: input
> validation, authorisation, access control, etc.. (the top 10 controls?)
> Within the taxonomy of gasses are air, and helium for example. I further
> imagine that input validation will have XSS & SQLi for example. I would
> further imagine that the OWASP periodic table has its own shape that
> doesn't much resemble the actual periodic table…
> so I see it as a project to group known issues according to related root
> causes.
> Is this how others view this project?
> Dennis

More information about the OWASP-Leaders mailing list