[Owasp-leaders] Announcing New Project - Web Hacking Incidents Database (WHID) Project

Ryan Barnett ryan.barnett at owasp.org
Tue Feb 18 21:21:42 UTC 2014


https://www.owasp.org/index.php/OWASP_WASC_Web_Hacking_Incidents_Database_Pr
oject#tab=FAQs

How do I submit a WHID Incident?If you have identified a possible WHID
candidate, please use of the following methods to notify the WHID project
team:
1. Send an email to - owaspwhid_at_owasp.org
2. Send a tweet to @owaspwhid <https://twitter.com/owaspwhid>
3. Enter a link in the WHID Submittal Form
<https://spreadsheets.google.com/spreadsheet/embeddedform?formkey=dHktV0FmWG
MyTDZPbkZtOEJXNzhPbXc6MQ>

I will update the FAQ info with data about what constitutes a valid entry.
The key elements are -
1. Has to be a publicly referencable incident.  Need links to public news
stories, FCC documents, etcŠ
2. Must have a negative impact to the live web application.  All WHID
entries must have an Outcome (Downtime, Leakage of Data, Planting of
Malware, etcŠ).  We try to also designate Attack/Weakness data however it
may not be known.
Thanks,
Ryan

From:  Jason Johnson <jason.johnson at owasp.org>
Date:  Tuesday, February 18, 2014 4:09 PM
To:  Ryan Barnett <ryan.barnett at owasp.org>
Cc:  OWASP Leaders <owasp-leaders at lists.owasp.org>
Subject:  Re: [Owasp-leaders] Announcing New Project - Web Hacking Incidents
Database (WHID) Project

> 
> Ohhh I like this how can one enter attacks? What is considered an attack. I
> would like to build some active graphs from the data.
> 
> Jason Johnson
> OWASP
> Oklahoma City, OK
> On Feb 18, 2014 2:22 PM, "Ryan Barnett" <ryan.barnett at owasp.org> wrote:
>> FYI ­ we have just successfully setup the new project page here -
>> https://www.owasp.org/index.php/OWASP_WASC_Web_Hacking_Incidents_Database_Pro
>> ject
>> 
>> This is a joint project between OWASP/WASC.  The main motivations for joining
>> this project with OWASP were:
>> 1. Gain better visibility for the project.  WHID can be used in future OWASP
>> Top 10 discussions to help provide "Attack Liklihood" information.
>> 2. To help solicit community help with adding entries.  I have heard many
>> people say that they reference WHID and that is serves a valueable service.
>> The issue is that it is currently a "Ryan Barnett" project as I am the only
>> one adding entriesŠ I need help.  Fortunately, I already got word from Jerry
>> Hoff that he in interested in helping (Thanks Jerry!).  If anyone else would
>> like to help, please let me know.
>> Let me know if you have any questions about the project.
>> 
>> -- 
>> Ryan Barnett
>> OWASP ModSecurity CRS Project Leader
>> OWASP WHID Project Leader
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140218/447c155f/attachment.html>


More information about the OWASP-Leaders mailing list