[Owasp-topten] Adding in WASC Web Hacking Incident Database (WHID) Reference Links to Top 10 Wiki Data

Tom Brennan tomb at owasp.org
Fri Jun 17 12:01:35 EDT 2011


Very visual to the end user and cross-community good stuff!

On Jun 17, 2011, at 11:48 AM, Ryan Barnett <rcbarnett at gmail.com> wrote:

> Here you go.  Have entries for all except A7.  My feeling is that swapping out 1 External Reference for each item for one of these WHID links would provide more value to the user.
> 
> A1: Injection - http://www.google.com/fusiontables/DataSource?snapid=S2086702IR5
> A2: Cross-site Scripting - http://www.google.com/fusiontables/DataSource?snapid=S208907th50
> A3: Broken Authentication and Session Management - http://www.google.com/fusiontables/DataSource?snapid=S203191wChw&pli=1
> A4: Insecure Direct Object Reference - http://www.google.com/fusiontables/DataSource?snapid=S208914Efwz 
> A5: Cross-site Request Forgery - http://www.google.com/fusiontables/DataSource?snapid=S203191wChw&pli=1
> A6: Security Misconfiguration - http://www.google.com/fusiontables/DataSource?snapid=S208909HtmA
> A8: Failure to Restrict URL Access - http://www.google.com/fusiontables/DataSource?snapid=S208910u7mt
> A9: Insufficient Transport Layer Protection - http://www.google.com/fusiontables/DataSource?snapid=S2089112yxM
> A10: Unvalidated Redirects and Forwards - http://www.google.com/fusiontables/DataSource?snapid=S2089124qF5 
> 
> -Ryan
> 
> From: Dave Wichers <dave.wichers at owasp.org>
> Date: Thu, 16 Jun 2011 19:13:11 -0400
> To: Ryan Barnett <ryan.barnett at owasp.org>, <owasp-topten at lists.owasp.org>
> Subject: Re: [Owasp-topten] Adding in WASC Web Hacking Incident Database (WHID) Reference Links to Top 10 Wiki Data
> 
> I’d like the wiki version and the pdf version to match. As such, there isn’t very much room. I’m afraid if we start adding more links to each area, they won’t fit anymore.
>  
> Why don’t you send me the proposed additional links and I’ll review and let you know what I think.
>  
> Thanks, Dave
>  
> From: owasp-topten-bounces at lists.owasp.org [mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Ryan Barnett
> Sent: Thursday, June 16, 2011 1:46 PM
> To: owasp-topten at lists.owasp.org
> Subject: [Owasp-topten] Adding in WASC Web Hacking Incident Database (WHID) Reference Links to Top 10 Wiki Data
>  
> Question for the Top 10 Lists -
>  
> Does anyone have any issues with adding in links to the "External Reference" links section of the Top 10 items that point to WASC WHID entry data?  For example – for A1: Injection, we could add this link -
> http://www.google.com/fusiontables/DataSource?snapid=S2086702IR5
>  
> This shows all entries for Injection attacks.  This would help to highlight the Likelihood of Exploitability of each issue.
>  
> We could do this for other Top 10 issues as well – XSS, CSRF, etc…
>  
> Let me know what you think.
>  
> Ryan
> _______________________________________________ Owasp-topten mailing list Owasp-topten at lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-topten