Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Re: OWASP Top Ten - dev process

Re: OWASP Top Ten - dev process

From: Devdas Bhagat <devdas_at_dvb.homelinux.org>
Date: Wed, 13 Jul 2005 15:48:38 +0530

On 13/07/05 11:40 +1000, Michael Silk wrote:
>
> But isn't the the _whole point_ of a "Top Ten" is that it quickly and
> easily lists the 'visible' problems [i.e not the cause]?
>
> I mean, you could make it a Top 2 otherwise:
> 1) Bad Programming
> 2) Bad Design
>
Top Three:
3> Bad Programmers.

> ...
>
> It covers everything; easy to interpret and hence fail or pass as you like.
>
> imho an OWASP "Top Ten" shouldn't really cover _my_ development
> procedures; only the problems exposed by them.
>
IMHO, we need a top ten problems and a top ten bad practices list.
That would help a lot more.

Devdas Bhagat
Received on Jul 13 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]