[Owasp-topten] Top 10 2007

Andrew van der Stock vanderaj at owasp.org
Tue Jul 4 18:37:19 EDT 2006


Okay, the June 30 deadline has gone. The only folks to pipe up  
agree :-), so I'll work on a straw man Top 10, and start researching  
Bugtraq for the last 12 months. Once I have the initial findings,  
I'll be farming out the work to volunteers to write their pages. If  
you feel you have a page of the Top 10 in you, please let us know :)

I've been looking around for criticisms and ideas others have had to  
update the Top 10 and see if they are valid or useful. I've found a  
2005 Mark Curphey post to webappsec, and he had some good ideas. We  
don't have to adopt all of them, but I'd certainly like to get your  
input on if it's something we can do:

http://seclists.org/lists/webappsec/2005/Jul-Sep/0011.html

Top 10 Attacks <- This is what we've agreed to so far
Top 10 vulnerabilities <- Let's leave this to SANS
Top 10 Root causes of insecure web apps
Top 10 Things you should have in your IT Security Policy
Top 10 Things you should look for in a protection system <- Prefer to  
leave to other projects
Top 10 Things you should look for in an assessment system <- Prefer to  
leave to other projects

So, I'm suggesting we do:

Top 10 Attacks
Top 10 Root causes of insecure web apps
Top 10 Things you should have in your software security program

Thoughts?

Lastly, this will be one of the last postings to Sourceforge - our  
mail lists will be coming on line soon. When it happens, please use  
the new mail infrastructure. You should have received a "Welcome"  
message from the OWASP mail list server for the lists you belong to.  
If you haven't received it for all of them - please hang in there and  
see if it gets fixed, but if by launch date it hasn't happened, we'll  
provide a link or two on how to join the new lists.

thanks,
Andrew