[Owasp-leaders] Insecure Defaults in Common Web Software

Tony UV tonyuv at owasp.org
Tue Oct 15 04:32:28 UTC 2013

Hey Jim,

I'm really interested in getting behind this. Been working on a lot of vuln web-related software highly used in big enterprises and wouldn't mind spearheading a project around this with some colleagues in ATL.

Tony UV 

-----Original Message-----
From: "Jim Manico" <jim.manico at owasp.org>
Sent: 10/14/2013 10:50 PM
To: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>
Subject: [Owasp-leaders] Insecure Defaults in Common Web Software


One of our longtime corporate sponsors had a suggestion for a new OWASP project that I feel is very valuable.

He requested an OWASP project that tracks insecure defaults in common web software and web software components. This is different than vulnerability tracking; it's more of a project that tracks how plain vanilla installs or uses of web software and components can be improved by configuration or other changes.

For example, the Java Apache fileuploader class (that most Java frameworks use) has a subtle DoS issue in terms of how it works under heavy load. A very simple and common configuration change cleans this up.

Would anyone care to help flesh out this project? Any thoughts in general?

Jim Manico
