WebApp Sec mailing list archives
RE: Web App Vulnerabilities Statistical Analysis WP
From: yea right <thgiraey2000 () yahoo com>
Date: Mon, 28 Jun 2004 08:25:58 -0700 (PDT)
Hi, Just a quick note, 1) I find it amusing that your company was founded in 2002, yet you publish results from 2000?! (yea yea, you had older reports from personal audits...sure). 2) Your attack classification system contains so many conflicts that I really don't understand how you managed to do the statistics. Isn't XSS a subset of Parameter Tampering? What about Session Hijacking, that is the result of a successful XSS attack...You are mixing apples with oranges... Couldn't Imperva adopt an existing attack classification, such as OWASP, or stick to a simple clean/clear one? your results are all over the place. 3) In general, such survey is useless, since anyone can fake numbers, especially when you're talking about a vendor from that specific space. Bottom line, thanks for the nice graphs, and kudos for publishing yet another useless paper...I am giving Imperva the "Spammer of the year award". __________________________________ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail
Current thread:
- Web App Vulnerabilities Statistical Analysis WP Imperva Application Defense Center (Jun 28)
- <Possible follow-ups>
- RE: Web App Vulnerabilities Statistical Analysis WP yea right (Jun 28)
- RE: Web App Vulnerabilities Statistical Analysis WP Imperva Application Defense Center (Jun 28)
- RE: Web App Vulnerabilities Statistical Analysis WP Frank Knobbe (Jun 29)