[Owasp-o2-platform] Need Article on AutoBinding vulnerabilities at OWASP

Dinis Cruz dinis.cruz at owasp.org
Sat Jan 26 16:27:11 UTC 2013


Actually it looks like we are still a bit away from Mass Assignment being an
OWASP Top 10 issue

See Dave's comment on Should Mass Assignment be an OWASP Top 10
Vulnerability? <http://blog.diniscruz.com/2013/01/should-mass-assignment-be-owasp-top-10.html>


Next stop is to write about this on the OWASP wiki

Dinis Cruz


On 26 January 2013 15:45, Dinis Cruz <dinis.cruz at owasp.org> wrote:

> Does anybody here have some cycles to help with this? (see thread below)
>
> The idea is to create a webpage on the owasp info with info about this
> vuln (which affects all types of web frameworks and technologies)
>
> Dinis Cruz
>
> Blog: http://diniscruz.blogspot.com
> Twitter: http://twitter.com/DinisCruz
> Web: http://www.owasp.org/index.php/O2
>
>
> ---------- Forwarded message ----------
> From: Dinis Cruz <dinis.cruz at owasp.org>
> Date: 26 January 2013 15:42
> Subject: Re: Need Article on AutoBinding vulnerabilities at OWASP
> To: Dave Wichers <dave.wichers at aspectsecurity.com>
>
>
> I think we should call it Mass Assignment since that is the term the
> industry has kind-of-accepted for this type of issue
>
> Check out this post for tons of links on this topic:
> http://blog.diniscruz.com/2013/01/odata-aspnet-web-api-mass-assignment.html
>
> I think it would be great to add this to the OWASP top 10.
>
> I'll try to create a wiki page in there that describes this issue
>
> Dinis Cruz
>
> On 25 January 2013 18:34, Dave Wichers <dave.wichers at aspectsecurity.com> wrote:
>
>> Dinis,
>>
>> Sounds like you have been finding these issues for a while, and Aspect
>> has been finding some too, like one in Spring recently.
>>
>> I'd like to list AutoBinding vulnerabilities as an up and coming issue in
>> the OWASP Top 10 for 2013, and include a link to an article that describes
>> the issue in more detail.
>>
>> Would you be willing to crank out a quick page on this topic at OWASP? If
>> you don't have time, do you have a recommended article somewhere else that
>> I can link to?
>>
>> Thanks, Dave
>>
>
>
>