[Owasp-topten] Feedback on OWASP 2010 Top 10

Dave Wichers dave.wichers at aspectsecurity.com
Tue Nov 17 18:19:21 EST 2009


The awareness of them both might be very high, but unfortunately, both
are still very common, and both introduce significant risks. As such, we
believe they need to be highlighted separately.

 

-Dave

 

From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of daniel
cuthbert
Sent: Tuesday, November 17, 2009 9:43 AM
To: McGovern, James F. (eBusiness)
Cc: owasp-topten at lists.owasp.org
Subject: Re: [Owasp-topten] Feedback on OWASP 2010 Top 10

 

I agree. 

Back in the day it was important to have the likes of XSS/SQLi as
separate categories, namely due to the fact they weren't well-known, but
the level of awareness today is far greater than back in 2004. Would it
not be more suitable to have a single parent category such as injection
and then have the sub-categories below depending on how widespread they
are?




2009/11/17 McGovern, James F. (eBusiness)
<James.McGovern at thehartford.com>

My peers were discussing the top ten and wanted to understand why
certain categories couldn't be collapsed into "input validation", for
example SQL Injection, such that room could be made for other
categories...



 
