OWASP top 10 should be out this quarter, however 2010 release candidate is already available: http://www.owasp.org/images/0/0f/OWASP_T10_-_2010_rc1.pdf
From: SUMAN SOURAV [mailto:[email protected]] Sent: 04 January 2010 11:49 To: [email protected] Subject: FW: [WEB SECURITY] WASC Announcement: WASC Threat Classification v2.0 Published Hi All, First of all "Happy New Year" to all group members!! Good news is coming from WASC ... WASC Threat Classification v2.0 is being published, I think for Appsec professionals this is a New Year gift by WASC. OWASP Top Ten 2010 (Final version) is also going to published this month (Hopefully). lots of thing to update from beginning of year 2010. Happy Learning!!! J Regards Suman -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Saturday, January 02, 2010 6:27 AM To: [email protected] Subject: [WEB SECURITY] WASC Announcement: WASC Threat Classification v2.0 Published The Web Application Security Consortium (WASC) is pleased to announce the long awaited release of the WASC Threat Classification v2.0. The Threat Classification is an effort to classify the weaknesses, and attacks that can lead to the compromise of a website, its data, or its users. This document's primarily purpose is to serve as a reference guide for common attacks and weaknesses. Main goals - Refine document scope, terminology, and purpose - Update existing sections when applicable - Add missing attacks and weaknesses - Creation of a firm, scalable base foundation allowing for the introduction of data views allowing for various forms of data representation - Addition of attack and weakness reference identifiers (WASC-<xx>) - Publication of two data views WASC Threat Classification v2.0 Online http://projects.webappsec.org/Threat-Classification Using the Threat Classification http://projects.webappsec.org/Using-the-Threat-Classification Threat Classification Authors and Contributors http://projects.webappsec.org/Threat-Classification-Authors WASC Threat Classification FAQ http://projects.webappsec.org/Threat-Classification-FAQ WASC Reference Identifier Grid http://projects.webappsec.org/Threat-Classification-Reference-Grid Threat Classification Data Views http://projects.webappsec.org/Threat-Classification-Views We have already started scoping the next minor release of the Threat Classification, and are seeking contributors. If you are interested in participating in the next release of the WASC Threat Classification please contact us at [email protected] with the subject 'WASC Threat Classification Contribution Inquiry'. Questions can be directed to Robert Auger (contact_at_webappsec.org) with the subject 'WASC TC Inquiry'. Regards, - Robert Auger WASC Threat Classification Project leader/WASC Co Founder http://projects.webappsec.org/Threat-Classification http://www.webappsec.org/ The Web Application Security Consortium ---------------------------------------------------------------------------- Join us on IRC: irc.freenode.net #webappsec Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/ Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed] Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA Le e-mail provenienti dalla Sella Synergy India Private Ltd sono trasmesse in buona fede e non comportano alcun vincolo ne' creano obblighi per la Sella Synergy India Private Ltd stessa, salvo che cio' non sia espressamente previsto da un precedente accordo. Questa e-mail e' confidenziale. Qualora l'avesse ricevuta per errore, La preghiamo di comunicarne via e-mail la ricezione al mittente e di distruggerne il contenuto. La informiamo inoltre che l'utilizzo non autorizzato del messaggio o dei suoi allegati potrebbe costituire reato. Grazie per la collaborazione. E-mails from Sella Synergy India Ltd Private are sent in good faith but they are neither binding on the Sella Synergy India Private Ltd nor to be understood as creating any obligation on its part except where provided for an agreement. This e-mail is confidential. If you have received it by mistake, please inform the sender by reply e-mail and delete it from your system. Please also note that the unauthorized disclosure or use of the message or any attachments could be an offence. Thank you for your cooperation.
_______________________________________________ Owasp-delhi mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-delhi
