[Owasp-leaders] [Owasp-community] OT10 Risks?

Josh Sokol josh.sokol at owasp.org
Mon Sep 22 17:16:24 UTC 2014


I know what he said.  I was expounding on it.  Lack of those is a weakness,
sure.  Inclusion of those is risk mitigation.  That's all I'm suggesting
there.

~josh

On Mon, Sep 22, 2014 at 12:08 PM, Jim Manico <jim.manico at owasp.org> wrote:

> > And in Bill's example, parameterized queries, input validation, and
> output encoding would be considered risk mitigation.
>
> Bill said LACK OF parameterized queries and others which is a
> •weakness•, not risk mitigation.
>
> --
> Jim Manico
> @Manicode
> (808) 652-3805
>
> > On Sep 22, 2014, at 12:59 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
> >
> > And in Bill's example, parameterized queries, input validation, and
> output encoding would be considered risk mitigation.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140922/54f9fe74/attachment.html>


More information about the OWASP-Leaders mailing list