[Owasp-topten] Adding in WASC Web Hacking Incident Database (WHID) Reference Links to Top 10 Wiki Data

Ryan Barnett rcbarnett at gmail.com
Fri Jun 17 11:48:25 EDT 2011


Here you go.  Have entries for all except A7.  My feeling is that swapping
out 1 External Reference for each item for one of these WHID links would
provide more value to the user.

A1: Injection - 
http://www.google.com/fusiontables/DataSource?snapid=S2086702IR5
A2: Cross-site Scripting -
http://www.google.com/fusiontables/DataSource?snapid=S208907th50
A3: Broken Authentication and Session Management -
http://www.google.com/fusiontables/DataSource?snapid=S203191wChw&pli=1
A4: Insecure Direct Object Reference -
http://www.google.com/fusiontables/DataSource?snapid=S208914Efwz
A5: Cross-site Request Forgery -
http://www.google.com/fusiontables/DataSource?snapid=S203191wChw&pli=1
A6: Security Misconfiguration -
http://www.google.com/fusiontables/DataSource?snapid=S208909HtmA
A8: Failure to Restrict URL Access -
http://www.google.com/fusiontables/DataSource?snapid=S208910u7mt
A9: Insufficient Transport Layer Protection -
http://www.google.com/fusiontables/DataSource?snapid=S2089112yxM
A10: Unvalidated Redirects and Forwards -
http://www.google.com/fusiontables/DataSource?snapid=S2089124qF5

-Ryan

From:  Dave Wichers <dave.wichers at owasp.org>
Date:  Thu, 16 Jun 2011 19:13:11 -0400
To:  Ryan Barnett <ryan.barnett at owasp.org>, <owasp-topten at lists.owasp.org>
Subject:  Re: [Owasp-topten] Adding in WASC Web Hacking Incident Database
(WHID) Reference Links to Top 10 Wiki Data

> I'd like the wiki version and the pdf version to match. As such, there isn't
> very much room. I'm afraid if we start adding more links to each area, they
> won't fit anymore.
>  
> Why don't you send me the proposed additional links and I'll review and let
> you know what I think.
>  
> Thanks, Dave
>  
> 
> From: owasp-topten-bounces at lists.owasp.org
> [mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Ryan Barnett
> Sent: Thursday, June 16, 2011 1:46 PM
> To: owasp-topten at lists.owasp.org
> Subject: [Owasp-topten] Adding in WASC Web Hacking Incident Database (WHID)
> Reference Links to Top 10 Wiki Data
>  
> 
> Question for the Top 10 Lists -
> 
>  
> 
> Does anyone have any issues with adding in links to the "External Reference"
> links section of the Top 10 items that point to WASC WHID entry data?  For
> example - for A1: Injection, we could add this link -
> 
> http://www.google.com/fusiontables/DataSource?snapid=S2086702IR5
> 
>  
> 
> This shows all entries for Injection attacks.  This would help to highlight
> the Likelihood of Exploitability of each issue.
> 
>  
> 
> We could do this for other Top 10 issues as well - XSS, CSRF, etc...
> 
>  
> 
> Let me know what you think.
> 
>  
> 
> Ryan

