[Owasp-topten] Feedback on OWASP 2010 Top 10

daniel cuthbert daniel.cuthbert at owasp.org
Tue Nov 17 09:43:14 EST 2009


I agree.

Back in the day it was important to have the likes of XSS/SQLi as separate
categories, namely due to the fact they weren't well-known, but the level of
awareness today is far greater than back in 2004. Would it not be more
suitable to have a single parent category such as injection and then have
the sub-categories below depending on how widespread they are?



2009/11/17 McGovern, James F. (eBusiness) <James.McGovern at thehartford.com>

>  My peers were discussing the top ten and wanted to understand why
> certain categories couldn't be collapsed into "input validation" for
> example SQL Injection such that room could be made for other
> categories...