[Owasp-topten] I am using your top ten to perform an audit of web application

Jeff Williams @ Aspect jeff.williams at aspectsecurity.com
Wed Oct 22 15:01:58 EDT 2003


Patricia,

We'll try to update the links in the next version of the Top Ten, which
should be released later this year. For now, I'd suggest looking into
WebGoat -- which is a full-up J2EE web application that is designed to
demonstrate many of the vulnerabilities in the Top Ten.  The source code is
available and is intended to be used by developers as examples of what not
to do.

I hope this helps, and I'll look into including more examples in the next
version.  Thanks for the feedback.

--Jeff

Jeff Williams
Aspect Security
http://www.aspectsecurity.com

----- Original Message ----- 
From: Kelehan, Patricia
To: topten at owasp.org
Sent: Wednesday, October 01, 2003 11:32 AM
Subject: [Owasp-topten] I am using your top ten to perform an audit of web
application


Security.  I plan on spending a lot of time with the developers reviewing
code.  Some of the feedback I have been receiving from the developers is,
they would like examples of the vulnerabilities.  The top ten document
contains links to examples, but the links do not work.  Where can I find
copies of the examples?

Patricia Kelehan, CPA, CIA, CISA
Financial Services Auditor
Ascend One Corporation
8930 Stanford Blvd
Columbia, Maryland 21045
(410) 910-2803




