[OWASP-TESTING] WASC threats

Mark Curphey mark at curphey.com
Thu Jul 29 08:13:59 EDT 2004


;-)

OASIS WAS is 

-at an official standards body (not a vendor consortium)
-is being early adopted by several major banks (inc Fidelity) as a risk
management classification scheme
-provides a risk ranking model
-includes (and will include further) classification about code level issues
with the input of people like Fortify and Ounce)
-and was TRULY derived with industry input (WAS TC inlcudes Cisco, Visa, HP,
IBM etc)
-is a subset on an xml schema that has seen a lot of interest from MITRE and
the analysts

Remember we did the ASAC over 4 years ago ! 

Better to lead than follow ;-)

-----Original Message-----
From: owasp-testing-admin at lists.sourceforge.net
[mailto:owasp-testing-admin at lists.sourceforge.net] On Behalf Of Daniel
Sent: Thursday, July 29, 2004 3:14 AM
To: owasp 
Subject: [OWASP-TESTING] WASC threats

Morning all,

Has anyone had time to read their latest offering?
http://www.webappsec.org/tc/WASC-TC-v1_0.txt

It seems to be going the same way as the OASIS WAS project.

I wonder if they are going to start releasing a testing guide of their own?





-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise
J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
owasp-testing mailing list
owasp-testing at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/owasp-testing





More information about the Owasp-testing mailing list