If you are interested in knowing how the WASC list maps to the OWASP top 10 (2010 RC1), Jeremiah just published a mapping document in his blog, check it out.

http://jeremiahgrossman.blogspot.com/2010/01/wasc-threat-classification-to-owasp-top.html

Sajeev Nair
*CISSP, CEH, GCFW, GCFA, GAWN & CISS***
infosecnirvana.blogspot.com

On Tue, Jan 5, 2010 at 2:19 PM, Soi, Dhruv <[email protected]> wrote:

> OWASP top 10 should be out this quarter, however 2010 release candidate
> is already available:
> http://www.owasp.org/images/0/0f/OWASP_T10_-_2010_rc1.pdf
>
> *From:* SUMAN SOURAV [mailto:[email protected]]
> *Sent:* 04 January 2010 11:49
> *To:* [email protected]
> *Subject:* FW: [WEB SECURITY] WASC Announcement: WASC Threat
> Classification v2.0 Published
>
> Hi All,
>
> First of all “Happy New Year” to all group members!!
>
> Good news is coming from WASC ….. WASC Threat Classification v2.0 is being
> published, I think for Appsec professionals this is a New Year gift by WASC.
>
> OWASP Top Ten 2010 (Final version) is also going to be published this month
> (Hopefully)… lots of things to update from beginning of year 2010.
>
> Happy Learning!!! :)
>
> Regards
> Suman
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Saturday, January 02, 2010 6:27 AM
> To: [email protected]
> Subject: [WEB SECURITY] WASC Announcement: WASC Threat Classification v2.0
> Published
>
> The Web Application Security Consortium (WASC) is pleased to announce the
> long awaited release of the WASC Threat Classification v2.0. The Threat
> Classification is an effort to classify the weaknesses, and attacks that
> can lead to the compromise of a website, its data, or its users. This
> document's primary purpose is to serve as a reference guide for common
> attacks and weaknesses.
>
> Main goals
> - Refine document scope, terminology, and purpose
> - Update existing sections when applicable
> - Add missing attacks and weaknesses
> - Creation of a firm, scalable base foundation allowing for the
>   introduction of data views allowing for various forms of data
>   representation
> - Addition of attack and weakness reference identifiers (WASC-<xx>)
> - Publication of two data views
>
> WASC Threat Classification v2.0 Online
> http://projects.webappsec.org/Threat-Classification
>
> Using the Threat Classification
> http://projects.webappsec.org/Using-the-Threat-Classification
>
> Threat Classification Authors and Contributors
> http://projects.webappsec.org/Threat-Classification-Authors
>
> WASC Threat Classification FAQ
> http://projects.webappsec.org/Threat-Classification-FAQ
>
> WASC Reference Identifier Grid
> http://projects.webappsec.org/Threat-Classification-Reference-Grid
>
> Threat Classification Data Views
> http://projects.webappsec.org/Threat-Classification-Views
>
> We have already started scoping the next minor release of the Threat
> Classification, and are seeking contributors. If you are interested in
> participating in the next release of the WASC Threat Classification please
> contact us at [email protected] with the subject 'WASC Threat
> Classification Contribution Inquiry'.
>
> Questions can be directed to Robert Auger (contact_at_webappsec.org) with
> the subject 'WASC TC Inquiry'.
>
> Regards,
> - Robert Auger
> WASC Threat Classification Project leader/WASC Co Founder
> http://projects.webappsec.org/Threat-Classification
> http://www.webappsec.org/ The Web Application Security Consortium

_______________________________________________
Owasp-delhi mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-delhi
