[Owasp-leaders] [Owasp-community] OT10 Risks?

Eoin Keary eoin.keary at owasp.org
Sun Sep 21 21:13:12 UTC 2014


XSS is not a risk :) Getting XSS'ed is if you are vulnerable.

It's a top 10 of most common vulns.
But if you actually did a top 10 (of common vulns) the top 5 would be SSL and security header related and make for slow reading. :)


Eoin Keary
Owasp Global Board
+353 87 977 2988


On 21 Sep 2014, at 17:04, Eoin Keary <eoin.keary at owasp.org> wrote:

> Risk != vuln
> 
> Risk is defined as:
> "(Exposure to) the possibility of loss, injury, or other adverse or unwelcome circumstance; a chance or situation involving such a possibility."
> 
> The result of a weakness being leveraged and unwelcome outcomes.
> 
> 
> 
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
> 
> 
> On 21 Sep 2014, at 16:53, Jim Manico <jim.manico at owasp.org> wrote:
> 
>>> T10 lists does not accurately
>> reflect the most dangerous "risks" or that it would be better to name it
>> differently?
>> 
>> The commentary that I received was that the term "risk" did not
>> actually reflect the items on the lists. Folks have told me it should
>> be "vulnerabilities" or "attacks" or "weaknesses" and more.
>> 
>> I'm not sure what the right answer is here...
>> 
>> Aloha,
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>> 
>>> On Sep 21, 2014, at 4:50 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>>> 
>>> T10 lists does not accurately
>>> reflect the most dangerous "risks" or that it would be better to name it
>>> differently?
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> Owasp-community mailing list
> Owasp-community at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-community
