[Owasp-singapore] Fwd: [Owasp-leaders] Fwd: OWASP XSS CAMPAIGN

Wong Onn Chee ocwong at usa.net
Mon Oct 4 10:19:55 EDT 2010


 Hi folks,

Please read the email below.

There is a site, http://xssed.com, for insecure websites with XSS, but
it is still very overseas-focused.

As mentioned before, I am all for raising the awareness of secure web
development via alternative means.

To date, I have not received any suggestions on how we can raise the
awareness without "promotion of the "sexy hacked" headline news
grabbing xss stuff".

Hope to hear from you soon.

If there is no better suggestion by end Oct, we will go for the public
disclosure route for insecure SG websites.
Do note that the responsible disclosure process will still be observed in
the public disclosure portal if we ever set one up.

Regards
Onn Chee

---------- Forwarded message ----------
From: *Tom Brennan*
Date: Sat, Sep 25, 2010 at 7:28 PM
Subject: OWASP XSS CAMPAIGN
To: owasp-leaders


We ALL really hate XSS; it's a lame finding at this point for many.

Last night over beers in NYC there were a few smirks that PCI leader
Visa and other banks are "on the list" this week.

http://xssed.com/archive/special=1 

See VISA (9/19/2010)

Instead of being part of a problem, I'd rather be part of solutions
that benefit the OWASP global mission.

I propose AWARENESS WEEK starting right now: WE globally make an
effort to raise some attention for OWASP Worldwide using this issue for
an awareness campaign on blogs, articles, twitter, interviews, etc. Get
the word out. By promotion of the "sexy hacked" headline news
grabbing xss stuff we can help raise awareness of local chapters,
gain additional visibility for application security (our mission, BTW) and
once again reinforce that OWASP Foundation is a lighthouse and resource
for the concerned to attend our events and read the guides.

This is how OWASP can "market" our professional association and gain more
respect from industry as the good guys here to help.

Knowledge: 
 
Conferences coming up -
http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference
Local chapter meetings
- http://www.owasp.org/index.php/Category:OWASP_Chapter#Local_Chapters

and projects in the works to help those that want help
- http://www.owasp.org/index.php/Testing_for_Reflected_Cross_site_scripting_(OWASP-DV-001)

I know we are preaching to the choir at OWASP about XSS but the general
public is NOT AWARE OF THE IMPACT combined with others from the Top 10, i.e. CSRF.

Thank you in advance for getting on your soap box and contributing to
this awareness campaign.

Tom Brennan






