[Owasp-leaders] New Attack Vector Documentation

Dave Wichers dave.wichers at owasp.org
Thu May 19 17:31:22 UTC 2016


I'd suggest he simply write a wiki article on this new type of attack and
include links to whatever references, pagers, POCs, etc. he wants to. And
yes, if he labels it as an 'attack' it will show on on the list of attacks
page.

The contribution bar is not very high. Just go in and start editing :-)

-Dave

On Tue, May 17, 2016 at 7:40 PM, Jim Manico <jim.manico at owasp.org> wrote:

> Indeed, there are ways to label certain wiki pages as attacks. Take a look
> at https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29 as an
> example for proper wiki tagging. If you have any questions let me know.
>
> Aloha, Jim
>
>
>
> On 5/17/16 12:59 PM, Ahmed Abbas wrote:
>
> Dear OWASP Leaders,
>
>
> A friend of mine came up with a new attack vector that relates to the
> Login by QR Code feature and he is asking about how to contribute his
> research to OWASP and how can he send the proper papers regarding it to be
> listed as an attack vector in OWASP guidelines. Is there any documented
> process explaining how new attack vectors get documented? He also wants to
> ask if it is necessary to have a tool (PoC) to be included with the attack
> documentation to be accepted by OWASP?
>
> Thanks in advance for your comments, and explanations.
>
>
> Kind Regards.
>
> --
> *Ahmed Abbas*
> OWASP Khartoum Co-Leader
> <https://twitter.com/OWASPKhartoum>https://twitter.com/OWASPKhartoum
>
>
>
> _______________________________________________
> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160519/820b3b42/attachment.html>


More information about the OWASP-Leaders mailing list