[Owasp-o2-platform] Fwd: Need Article on AutoBinding vulnerabilities at OWASP

Dinis Cruz dinis.cruz at owasp.org
Sat Jan 26 15:45:04 UTC 2013


Does anybody here have some cycles to help with this? (see thread below)

The idea is to create a webpage on the owasp info with info about this vuln
(which affects all types of web frameworks and technologies)

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2


---------- Forwarded message ----------
From: Dinis Cruz <dinis.cruz at owasp.org>
Date: 26 January 2013 15:42
Subject: Re: Need Article on AutoBinding vulnerabilities at OWASP
To: Dave Wichers <dave.wichers at aspectsecurity.com>


I think we should call it Mass Assignment since that is the term the
industry has kind-of-accepted for this type of issue

Check out this post for tons of links on this topic:
http://blog.diniscruz.com/2013/01/odata-aspnet-web-api-mass-assignment.html

I think it would be great to add this to the OWASP top 10.

I'll try to create a wiki page in there that describes this issue

Dinis Cruz

On 25 January 2013 18:34, Dave Wichers <dave.wichers at aspectsecurity.com> wrote:

> Dinis,
>
> Sounds like you have been finding these issues for a while, and Aspect has
> been finding some too, like one in Spring recently.
>
> I'd like to list AutoBinding vulnerabilities as an up and coming issue in
> the OWASP Top 10 for 2013, and include a link to an article that describes
> the issue in more detail.
>
> Would you be willing to crank out a quick page on this topic at OWASP? If
> you don't have time, do you have a recommended article somewhere else that
> I can link to?
>
> Thanks, Dave
>