Home page logo

webappsec logo WebApp Sec mailing list archives

RE: Web App Vulnerabilities Statistical Analysis WP
From: yea right <thgiraey2000 () yahoo com>
Date: Mon, 28 Jun 2004 08:25:58 -0700 (PDT)


Just a quick note,
1) I find it amusing that your company was founded in
2002, yet you publish results from 2000?! (yea yea,
you had older reports from personal audits...sure).

2) Your attack classification system contains so many
conflicts that I really don't understand how you
managed to do the statistics. Isn't XSS a subset of
Parameter Tampering? What about Session Hijacking,
that is the result of a successful XSS attack...You
are mixing apples with oranges...

Couldn't Imperva adopt an existing attack
classification, such as OWASP, or stick to a simple
clean/clear one? your results are all over the place.

3) In general, such survey is useless, since anyone
can fake numbers, especially when you're talking about
a vendor from that specific space.

Bottom line, thanks for the nice graphs, and kudos for
publishing yet another useless paper...I am giving
Imperva the "Spammer of the year award".

Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]