[Owasp-leaders] Announcing New Project - Web Hacking Incidents Database (WHID) Project
ryan.barnett at owasp.org
Tue Feb 18 21:21:42 UTC 2014
How do I submit a WHID Incident?If you have identified a possible WHID
candidate, please use of the following methods to notify the WHID project
1. Send an email to - owaspwhid_at_owasp.org
2. Send a tweet to @owaspwhid <https://twitter.com/owaspwhid>
3. Enter a link in the WHID Submittal Form
I will update the FAQ info with data about what constitutes a valid entry.
The key elements are -
1. Has to be a publicly referencable incident. Need links to public news
stories, FCC documents, etc
2. Must have a negative impact to the live web application. All WHID
entries must have an Outcome (Downtime, Leakage of Data, Planting of
Malware, etc). We try to also designate Attack/Weakness data however it
may not be known.
From: Jason Johnson <jason.johnson at owasp.org>
Date: Tuesday, February 18, 2014 4:09 PM
To: Ryan Barnett <ryan.barnett at owasp.org>
Cc: OWASP Leaders <owasp-leaders at lists.owasp.org>
Subject: Re: [Owasp-leaders] Announcing New Project - Web Hacking Incidents
Database (WHID) Project
> Ohhh I like this how can one enter attacks? What is considered an attack. I
> would like to build some active graphs from the data.
> Jason Johnson
> Oklahoma City, OK
> On Feb 18, 2014 2:22 PM, "Ryan Barnett" <ryan.barnett at owasp.org> wrote:
>> FYI we have just successfully setup the new project page here -
>> This is a joint project between OWASP/WASC. The main motivations for joining
>> this project with OWASP were:
>> 1. Gain better visibility for the project. WHID can be used in future OWASP
>> Top 10 discussions to help provide "Attack Liklihood" information.
>> 2. To help solicit community help with adding entries. I have heard many
>> people say that they reference WHID and that is serves a valueable service.
>> The issue is that it is currently a "Ryan Barnett" project as I am the only
>> one adding entries I need help. Fortunately, I already got word from Jerry
>> Hoff that he in interested in helping (Thanks Jerry!). If anyone else would
>> like to help, please let me know.
>> Let me know if you have any questions about the project.
>> Ryan Barnett
>> OWASP ModSecurity CRS Project Leader
>> OWASP WHID Project Leader
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders