[Owasp-leaders] The OWASP Periodic Table Project

Jim Manico jim.manico at owasp.org
Tue Mar 5 20:47:46 UTC 2013


Input validation is not the right control for SQL Injection, Dennis. https://www.owasp.org/index.php/Query_Parameterization_Cheat_Sheet

But otherwise you are right on. What you describe below is the direction I think James will be taking this.

Definitely a project to watch in my opinion.

Aloha,

- Jim Manico
@Manicode


> On 5 Mar 2013, at 20:35, Eoin wrote:
> 
>> So the periodic table is a list of vulns right? Best we share the work
>> we did on the OWASP common numbering system?
> 
> Not a list of vulns, the periodic table is a taxonomy of similarities.
> Gases, liquids, solids etc… I imagine a taxonomy of vulns: input
> validation, authorisation, access control, etc. (the top 10 controls?)
> Within the taxonomy of gases are air, and helium for example. I further
> imagine that input validation will have XSS & SQLi for example. I would
> further imagine that the OWASP periodic table has its own shape that
> doesn't much resemble the actual periodic table…
> 
> so I see it as a project to group known issues according to related root
> causes.
> 
> Is this how others view this project?
> 
> 
> 
> Dennis
> 


