[OWASP-METRICS] Attack surface
petelind at spiresecurity.com
Thu Sep 16 16:47:41 EDT 2004
Hi, Jeff - try this:
As far as I know, this is the best treatment out there on the concept. (I
disagree with some of it).
> -----Original Message-----
> From: owasp-metrics-admin at lists.sourceforge.net
> [mailto:owasp-metrics-admin at lists.sourceforge.net] On Behalf
> Of Jeff Williams
> Sent: Thursday, September 16, 2004 4:29 PM
> To: owasp-metrics at lists.sourceforge.net
> Subject: [OWASP-METRICS] Attack surface
> Hi everyone. I keep reading articles that use the concept of
> "attack surface" to describe how attackable an application
> actually is. But I've never seen the concept explored very
> deeply. For a web application, it seems to me that the attack
> surface is strictly limited to the range of allowed HTTP
> requests. Anyone interested in helping model this? Seems to
> me that it shouldn't be too hard, would be really useful, and
> is likely to be automatable.
> Jeff Williams, CEO
> Aspect Security, Inc.
> work: 410-707-1487
> main: 301-604-4882
> This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one
> of 170 Project Admins to receive an Apple iPod Mini FREE for
> your judgement on who ports your project to Linux PPC the
> best. Sponsored by IBM.
> Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
> OWASP-METRICS mailing list
> OWASP-METRICS at lists.sourceforge.net
More information about the Owasp-metrics