WebApp Sec mailing list archives
Re: Two questions: FAQ and OWASP ASAC
From: Rogan Dawes <discard () dawes za net>
Date: Fri, 14 Jan 2005 16:36:31 +0100
Wall, Kevin wrote:
Several years ago, I used to be heavily involved in this list. Things have changed a lot since then. I was wondering: 1) Does this list have a FAQ, and if so, where is it? Is it the same as http://www.webappsec.org/faq.html ? (The site appears to be down.)
In fact, I don't think that this list DOES have a faq, other than maybe http://www.owasp.org/documentation/appsec_faq.html, which is not strictly a FAQ from this list, but is probably as close as you will get.
2) Whatever happened to OWASP's Application Security Attack Components that used to be available at http://www.owasp.org/asac ? Did it somehow morph into the WASC's Threat Classifications, at http://www.webappsec.org/threat.html ? They look pretty similar (from what I can recall of OWASP's ASAC, at least.)
Well, the first problem is that you are looking on the wrong site. WebAppSec.org is unrelated to this list. www.owasp.org is far closer related, due to its history. Mark Curphey both moderated the webappsec list and started OWASP.
That said, I think that ASAC has largely fallen away, and been "replaced" by either the OWASP Top 10 (http://www.owasp.org/documentation/topten.html) or the OWASP Guide (http://www.owasp.org/documentation/guide/guide_news.html), or possibly the OWASP Testing Project (http://www.owasp.org/documentation/testing.html), depending on what your requirements are.
Thanks, -kevin
No problem, Rogan -- Rogan Dawes *ALL* messages to discard () dawes za net will be dropped, and added to my blacklist. Please respond to "lists AT dawes DOT za DOT net"
Current thread:
- Two questions: FAQ and OWASP ASAC Wall, Kevin (Jan 14)
- Re: Two questions: FAQ and OWASP ASAC Rogan Dawes (Jan 14)
- <Possible follow-ups>
- RE: Two questions: FAQ and OWASP ASAC Bob Auger (Jan 15)