[Owasp-leaders] [Owasp-topten] OWASP Top 10 Methodology
dennis.groves at owasp.org
Wed Mar 20 13:16:50 UTC 2013
On 20 Mar 2013, at 13:11, Christey, Steven M. wrote:
> While I don't know how often these are exploited (and they may be
> difficult to detect), or how often they'll be exploited in the future,
> these kinds of application DoS issues are becoming popular. As
> code-execution vulns get harder to find, I suspect we will see more of
> these. This might not be enough to merit inclusion in the OWASP Top
> Ten, but is definitely something to watch out for.
Agreed, currently there is not enough evidence to warrant inclusion into
the top 10. That said, the risk is real. I in particular believe that
lack of containment is a much bigger issue in Application security.
I think that both DoS and lack of containment warrant at least an
appendix entry in the current Top 10, and I think it is worth noting
that both issues are architecture flaws.
[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a
*This email is licensed under a [CC BY-ND
**Please do not send me Microsoft Office/Apple iWork documents.**
Send [OpenDocument](http://fsf.org/campaigns/opendocument/) instead!
Stand up for your freedom to install [free
> The idea that some lives matter less is the root of all that’s wrong
> with the world. -- Paul Farmer
More information about the OWASP-Leaders