[Owasp-leaders] Insecure Defaults in Common Web Software

Jim Manico jim.manico at owasp.org
Tue Oct 15 02:48:46 UTC 2013


One of our long time corporate sponsors had a suggestion for a new OWASP project that I feel is very valuable.

He requested an OWASP project that tracts insecure defaults in common web software and web software components. This is different than vulnerability tracking, it's more of a project that tracks how plain vanilla installs or uses of web software and components can be improved by configuration or other changes.

For example, the Java Apache fileuploader class (that most Java frameworks use) has a subtle DOS issue in terms of how it works under heavy load. A very simple and common configuration change cleans this up.

Would anyone care to help flesh out this project? Any thoughts in general?

Jim Manico

More information about the OWASP-Leaders mailing list