[Owasp-leaders] ZAPping the OWASP Top 10

Timur 'x' Khrotko (owasp) timur at owasp.org
Thu Aug 28 14:44:43 UTC 2014


+10
On Aug 28, 2014 3:46 PM, "Achim" <achim at owasp.org> wrote:

> Leaders,
>
> in addition to Simon's suggestion:
>
>         there is often the question if this or that tool can find/protect
>         all OWASP Top 10 vulnerabilities
>
> As Simon said, we all know that it is not possible to find *all* types of
> vulnerabilities listed in the Top 10 (i.e. A7 from Top 10 2010).
> The same applies to protect against such vulnerabilities (i.e. with a WAF).
>
>
> Does it make sense to *clearly write* on the Top 10 page that some
> vulnerabilities cannot easily be detected/protected automatically by
> third party devices/software?
>
> There're so many marketing papers out in the wild, where products claim to
> find/protect all. BS.
>
>
> Ciao
> Achim
>
>
> On 28.08.2014 13:21, psiinon wrote:
> > Leaders,
> >
> > I often get asked if ZAP scans for the "OWASP Top 10".
> > As I'm sure you're all aware, it's not really possible to automatically scan
> > for all of the vulnerabilities behind the OWASP Top 10 _risks_.
> >
> > But I still think it's a question that should be answered, and so I've added
> > this page to the OWASP wiki based on input from the ZAP contributors:
> >
> > https://www.owasp.org/index.php/ZAPpingTheTop10
> >
> > I just wanted to make sure that no one objects before I start publicizing
> > it.
> >
> > Note that the pdf points to the page on the ZAP wiki - I'll change that
> > before publicizing it outside of this list.
> >
> > Of course if anyone has any suggestions as to features we could add to make
> > detecting any vulnerabilities any easier then don't hesitate to get in touch
> > ;)
> >
> > Cheers,
> >
> > Simon
