[Owasp-topten] 2013 A7 - Access Control

Abbas Naderi abbas.naderi at owasp.org
Fri Feb 15 21:05:35 UTC 2013


Well, at least we can count it as a security flaw, then propose solutions. There are a lot of similar scenarios in security; we have to first acknowledge them.
-Abbas
On 28 Bahman 1391, at 0:30, "Dennis Groves" <dennis.groves at owasp.org> wrote:

> On 15 Feb 2013, at 20:55, Abbas Naderi wrote:
> 
>> Agree with this one, how about changing the title to "Using outdated third-party software"?
> 
> Many companies are required to use outdated third party software, either because they outsource that part of their application or network, or because the company doesn't feel the financial investment is worth it. After all, most of the time it is like fixing the sink in the kitchen - before you know it the sink has become a kitchen remodel that cost 100 times as much.
> 
> The real question is how do we advise those companies to mitigate or minimise the risks when they must use such software.
> 
> Dennis
> 
> -- 
> [Dennis Groves](http://about.me/dennis.groves), MSc
> [Email me](mailto:dennis.groves at owasp.org) or [schedule a meeting](http://goo.gl/8sPIy).
> 
> *This email is licensed under a [CC BY-ND 3.0](http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB) license.*
> 
