WebApp Sec mailing list archives
Re: The Original Web Security Mailing List
From: Jeremiah Grossman <jeremiah () whitehatsec com>
Date: Wed, 11 May 2005 18:10:16 -0700
comments inline: On Monday, May 9, 2005, at 03:53 PM, Arian J. Evans wrote:
I would like to point out that there is an existing list with a large membershipfor this topic located at webappsec () securityfocus com.
While I'm not sure of the actual size of webappsec@sf list, the traffic has been limited and slow just the same for quite some time. But as you probably know, there is top-notch WebAppSec conversation occurring all over. Just not in a public-list forum where it would be of exceptional value to a larger audience. WASC, through a network members and contributors, felt we could increase community discussion by gathering a large contingent of organizations and leading experts to cover a larger array of web application security topics.
If you are dealing with application security related compromise issues,webapp or otherwise, I'd include the sf list at a minimum (in addition toquestions about any of the topics below).
If subscribers feel the need to cross-post amongst the two lists, they should feel free to do so. Several lists such as secprog and sc-l are similarly focused and coexist nicely.
webappsec () securityfocus com is the home of the OWASP (www.owasp.org) mailing list which addresses the same topics listed below. WASC (below)is a new organization predominantly organized by web application "security"product-vendors. The OWASP organization is predominantly organized by consulting services vendors.
Your definition of OWASP (as a participant) may be true enough, but is certainly not accurate for WASC. Today WASC includes a wide variety of contributing industry practitioners (enterprise and government) and vendors (scanners, firewalls, service providers, consultants, etc.) Member and contributor numbers have expanded exceptionally fast during our first year to include developers, quality assurance, and security professionals.
Definitely worth utilizing both lists and keepingin mind potential for bias (e.g.-for or against automated widgets) on both lists.
The moderation of our list will have no bias for or against any particular kind product or methodology. Our goal is open dialog amongst the subscribers and conclusions drawn by the reader. We want to be as hands-off as possible as this enables the best information exchange.
Since most of this list's traffic is L3/L4 I'm not sure how helpful either list will be for the Intrusion topic, but if the subject of another Santy type worm comes up there's peoples on both those lists with strong appsec knowledge.-ae-----Original Message----- From: intrusions-bounces () lists sans org [mailto:intrusions-bounces () lists sans org]On Behalf Of contact () webappsec org Sent: Sunday, May 08, 2005 4:18 PM To: intrusions () lists sans org Cc: contact () webappsec org Subject: [Intrusions] Announcement: The Web Security Mailing List The Web Application Security Consortium (WASC) is proud to present 'The Web Security Mailing List'. What is The Web Security Mailing List? The Web Security Mailing List is an open information forum for discussing topics relevant to web security. Topics include, but are not limited to, industry news and technical discussions surrounding web applications, proxies, honeypots, new attack types, methodologies, application firewalls, discoveries, experiences, web servers, application servers, database security, tools, solutions, and others. To post a message send an email to: websecurity () webappsec org Subscribe by sending email to: websecurity-subscribe () webappsec org Unsubscribe by sending email to: websecurity-unsubscribe () webappsec org Regards, - Robert Auger contact_at_webappsec.org http://www.webappsec.org -------------------------------------------------------------- ---------------------- The Web Security Mailing List Charter http://www.webappsec.org/lists/websecurity/ The Web Security Mailing List Archives http://www.webappsec.org/lists/websecurity/archive/ _______________________________________________ Intrusions mailing list Intrusions () lists sans org http://www.dshield.org/mailman/listinfo/intrusions
Current thread:
- The Original Web Security Mailing List Arian J. Evans (May 11)
- Re: The Original Web Security Mailing List Jeremiah Grossman (May 15)
- Re: The Original Web Security Mailing List Matthieu Estrade (May 15)
- <Possible follow-ups>
- Fwd: Re: The Original Web Security Mailing List auto231439 (May 15)