[Owasp-leaders] [Owasp-community] OT10 Risks?

Timur 'x' Khrotko (owasp) timur at owasp.org
Sun Sep 21 21:33:32 UTC 2014


https://capec.mitre.org/about/glossary.html

Cyber-Enabled Capability
Weakness Type
Weakness
Negative Technical Impact
Exploit
Vulnerability
Attack
Attack Pattern
Threat
View
Graph
Explicit Slice
Implicit Slice
Category
Meta Attack Pattern
Standard Attack Pattern
Detailed Attack Pattern


On Sun, Sep 21, 2014 at 11:13 PM, Eoin Keary <eoin.keary at owasp.org> wrote:

>
> XSS is not a risk :) Getting XSS'ed is if you are vulnerable.
>
> It's a top 10 of most common vulns.
> But if you actually did a top 10 (of common vulns)  the top 5 would be SSL
> and security header related and make for slow reading. :)
>
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 21 Sep 2014, at 17:04, Eoin Keary <eoin.keary at owasp.org> wrote:
>
> > Risk != vuln
> >
> > Risk is defined as:
> > "(Exposure to) the possibility of loss, injury, or other adverse or
> > unwelcome circumstance; a chance or situation involving such a possibility."
> >
> > The result of a weakness being leveraged and unwelcome outcomes.
> >
> >
> >
> > Eoin Keary
> > Owasp Global Board
> > +353 87 977 2988
> >
> >
> > On 21 Sep 2014, at 16:53, Jim Manico <jim.manico at owasp.org> wrote:
> >
> >>> T10 lists does not accurately
> >>> reflect the most dangerous "risks" or that it would be better to name it
> >>> differently?
> >>
> >> The commentary that I received was that the term "risk" did not
> >> actually reflect the items on the lists. Folks have told me it should
> >> be "vulnerabilities" or "attacks" or "weaknesses" and more.
> >>
> >> I'm not sure what the right answer is here...
> >>
> >> Aloha,
> >> --
> >> Jim Manico
> >> @Manicode
> >> (808) 652-3805
> >>
> >>> On Sep 21, 2014, at 4:50 PM, Tobias <tobias.gondrom at owasp.org> wrote:
> >>>
> >>> T10 lists does not accurately
> >>> reflect the most dangerous "risks" or that it would be better to name it
> >>> differently?
> >> _______________________________________________
> >> OWASP-Leaders mailing list
> >> OWASP-Leaders at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> > _______________________________________________
> > Owasp-community mailing list
> > Owasp-community at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-community
>

-- 
Email us to enforce secure link with your mail servers (domain).
This message may contain confidential information - you should handle it 
accordingly.
This message may contain confidential information and is to be handled accordingly.