[Owasp-topten] Adding in WASC Web Hacking Incident Database (WHID) Reference Links to Top 10 Wiki Data

dinis cruz dinis.cruz at owasp.org
Thu Jun 23 02:08:59 EDT 2011


Ryan, this is a great mapping, and really useful for the Top 10 presentation
I am going to be delivering later today at this conference in London
http://cybersecurity-oilandgas.com/agenda/day-two

I've added this info to the OWASP wiki
https://www.owasp.org/index.php/OWASP_Top_10/Mapping_to_WHID and, so that we
can keep track of similar resources without changing the main Top 10 wiki
content (so that it is in sync with the printed document), I added a new
tab called 'Other uses and resources':
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=Other_uses_and_resources

Please add more details to that page (
https://www.owasp.org/index.php/OWASP_Top_10/Mapping_to_WHID ) together with
other statistical data you are able to find.

Thanks

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2


On 17 June 2011 16:48, Ryan Barnett <rcbarnett at gmail.com> wrote:

> Here you go.  Have entries for all except A7.  My feeling is that swapping
> out 1 External Reference for each item for one of these WHID links would
> provide more value to the user.
>
> A1: Injection -
> http://www.google.com/fusiontables/DataSource?snapid=S2086702IR5
> A2: Cross-site Scripting -
> http://www.google.com/fusiontables/DataSource?snapid=S208907th50
> A3: Broken Authentication and Session Management -
> http://www.google.com/fusiontables/DataSource?snapid=S203191wChw&pli=1
> A4: Insecure Direct Object Reference -
> http://www.google.com/fusiontables/DataSource?snapid=S208914Efwz
> A5: Cross-site Request Forgery -
> http://www.google.com/fusiontables/DataSource?snapid=S203191wChw&pli=1
> A6: Security Misconfiguration -
> http://www.google.com/fusiontables/DataSource?snapid=S208909HtmA
> A8: Failure to Restrict URL Access -
> http://www.google.com/fusiontables/DataSource?snapid=S208910u7mt
> A9: Insufficient Transport Layer Protection -
> http://www.google.com/fusiontables/DataSource?snapid=S2089112yxM
> A10: Unvalidated Redirects and Forwards -
> http://www.google.com/fusiontables/DataSource?snapid=S2089124qF5
>
> -Ryan
>
> From: Dave Wichers <dave.wichers at owasp.org>
> Date: Thu, 16 Jun 2011 19:13:11 -0400
> To: Ryan Barnett <ryan.barnett at owasp.org>, <owasp-topten at lists.owasp.org>
> Subject: Re: [Owasp-topten] Adding in WASC Web Hacking Incident Database
> (WHID) Reference Links to Top 10 Wiki Data
>
> I’d like the wiki version and the pdf version to match. As such, there
> isn’t very much room. I’m afraid if we start adding more links to each area,
> they won’t fit anymore.
>
> Why don’t you send me the proposed additional links and I’ll review and let
> you know what I think.
>
> Thanks, Dave
>
> *From:* owasp-topten-bounces at lists.owasp.org
> *On Behalf Of* Ryan Barnett
> *Sent:* Thursday, June 16, 2011 1:46 PM
> *To:* owasp-topten at lists.owasp.org
> *Subject:* [Owasp-topten] Adding in WASC Web Hacking Incident Database
> (WHID) Reference Links to Top 10 Wiki Data
>
> Question for the Top 10 Lists -
>
> Does anyone have any issues with adding in links to the "External
> Reference" links section of the Top 10 items that point to WASC WHID entry
> data?  For example – for A1: Injection, we could add this link -
>
> http://www.google.com/fusiontables/DataSource?snapid=S2086702IR5
>
> This shows all entries for Injection attacks.  This would help to highlight
> the Likelihood of Exploitability of each issue.
>
> We could do this for other Top 10 issues as well – XSS, CSRF, etc…
>
> Let me know what you think.
>
> Ryan
> _______________________________________________
> Owasp-topten mailing list
> Owasp-topten at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-topten