[Owasp-testing] [Owasp-topten] RFC: Common numbering proposal # 3
bradcausey at gmail.com
Sat Jan 23 10:52:52 EST 2010
Rick, that is probably my fault. I got confused and scattered the wiki all
up. Mike is waiting on me to go back and fix it, but as usual, life gets in
the way sometimes.
It is on my TODO list.
CISSP, MCSE, C|EH, CIFI, CGSP
In security, an action that is not explicitly denied is inherently allowed.
On Sat, Jan 23, 2010 at 9:22 AM, <rick.mitchell at bell.ca> wrote:
> Our Common Numbering initiative didn't make the Q1 Newletter :(
> -----Original Message-----
> From: owasp-testing-bounces at lists.owasp.org [mailto:
> owasp-testing-bounces at lists.owasp.org] On Behalf Of Brad Causey
> Sent: January 13, 2010 5:27 PM
> To: GPC
> Cc: owasp-guide at lists.owasp.org;
> owasp-application-security-verification-standard at lists.owasp.org;
> owasp-topten at lists.owasp.org; owasp-testing at lists.owasp.org
> Subject: Re: [Owasp-testing] [Owasp-topten] RFC: Common numbering proposal
> # 3
> And here is an example:
> I did this in a bubble, ie, without anyone to bounce it off of.
> Feedback requested....
> -Brad Causey
> CISSP, MCSE, C|EH, CIFI, CGSP
> Never underestimate the time, expense, and effort an opponent will expend
> to break a code. (Robert Morris)
> On Tue, Jan 12, 2010 at 1:11 PM, Boberski, Michael [USA] <
> boberski_michael at bah.com> wrote:
> > Here, you can kick the tires on this, expanding and collapsing the TOC
> tree control:
> > http://code.google.com/p/owasp-development-guide/wiki/Introduction?tm=
> > 6
> > Any other comments, keep 'em coming!
> > Best,
> > Mike B.
> > -----Original Message-----
> > From: Mike Boberski [mailto:mike.boberski at gmail.com]
> > Sent: Tuesday, January 12, 2010 8:22 AM
> > To: Bil Corry; Boberski, Michael [USA]; owasp-topten at lists.owasp.org
> > Subject: Re: [Owasp-topten] RFC: Common numbering proposal # 3
> > You got it, stay tuned
> > On 1/12/10, Bil Corry <bil at corry.biz> wrote:
> >> Boberski, Michael [USA] wrote on 1/11/2010 6:14 AM:
> >>> Please see http://www.owasp.org/index.php/Common_OWASP_Numbering for
> >>> a next proposal, refined based on inputs provided so far.
> >> An exercise we did with the Threat Classification numbering system
> >> was to actually use the the various proposed numbering systems in a
> >> sample document and see what they looked like when used. It didn't
> >> take long to see that a simple numbering system worked best:
> >> http://projects.webappsec.org/Threat-Classification-Reference-Grid
> >> So my suggestion would be to find some sample documents where the
> >> numbers would be used, and try plugging in a few variations and see
> >> how they read/look.
> >> - Bil
> >> _______________________________________________
> >> Owasp-topten mailing list
> >> Owasp-topten at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-topten
> > --
> > Mike
> > _______________________________________________
> > Owasp-topten mailing list
> > Owasp-topten at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-topten
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-testing