[Owasp-topten] Risks vs Vulns

Abbas Naderi abbas.naderi at owasp.org
Sun Feb 17 14:32:33 UTC 2013


Hi Tom,
can you post in rtf format? Your message has a width of 1800 characters!
-Abbas
On 29 Bahman 1391, at 17:53, Tom Brennan <tomb at owasp.org> wrote:

> If the T10 is based on top risks not top vulns what web app does not have the availability risk of layer 7 application denial of service - many would agree is simply by design.
> 
> Based on an active discussion this weekend at Shmoocon in Washington DC there was a strong group of defenders that would lobby to call out this risk that has shown itself almost daily around the world since 2010.  Another point was since there are many classes of attack raising visibility for the T10 should also incorporate a matrix similar to http://projects.webappsec.org/w/page/13246975/Threat%20Classification%20Taxonomy%20Cross%20Reference%20View to proactively answer the how does this compare that is a FAQ to additionally build awareness (mission) and I suspect that since many community members are on this list, that is a separate consensus request
> 
> Finally an additional source of reference for data call managed by Ryan Barnett to be included, cross referenced http://projects.webappsec.org/w/page/13246995/Web-Hacking-Incident-Database#RealTimeStatistics also provide
> 
> OWASP Tool stable, for the community with 33k downloads
> https://www.owasp.org/index.php/OWASP_HTTP_Post_Tool and although many variants including SSL half connects and other combinations if it does not fall as a Top 10 risk where would it fall on a Pentest centric project. Additionally testing guide references https://www.owasp.org/index.php/Testing_for_Denial_of_Service
> 
> What entity does not share this concern that has something to serve up. 
> 
> Discussion.
> 
> 
> _______________________________________________
> Owasp-topten mailing list
> Owasp-topten at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-topten
