Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Re: OWASP Top Ten - My Case For Updating It

Re: OWASP Top Ten - My Case For Updating It

From: Saqib Ali <docbook.xml_at_gmail.com>
Date: Sat, 9 Jul 2005 23:24:34 -0700

On 7/9/05, Mark Curphey <mark_at_curphey.com> wrote:
> I think the OWASP Top Ten needs a serious re-think.
i agree!!! :)

> novice companies will use the Top Ten as a testing yard stick. The PCI
> adoption is a dangerous issue that demonstrates this point. When MasterCard
> were hacked the first thing the company did was to say they passed the PCI
> tests. This will be the case with the OWASP Top Ten.

i disagree on this point. I don't think this will ever be the case.
PCI is a standard that Merchants and Service Providers are "required"
to follow. This is not the case of the OWASP Top Ten. OWASP does not
require any website to implement the Top 10, neither can it. Thus
OWASP Top 10 can not be used as a scapegoat. 

-- 
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Received on Jul 10 2005
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]