WebApp Sec mailing list archives
Fwd: Re: The Original Web Security Mailing List
From: <auto231439 () hushmail com>
Date: Thu, 12 May 2005 08:22:16 -0700
OK I'll bite....

"The Web Application Security Consortium (WASC) is an international group of experts, industry practitioners, and organizational representatives who produce open source and widely agreed upon best-practice security standards for the World Wide Web."

"Also our activities have also gathered the active support by the majority of the worlds top web security experts and leading solution providers vendors."

Hmmm I don't think so....more like a bunch of folks who brought the world...

The infamous "world is falling down" because you can XSS from an HTTP method advisory (interesting finding, total misunderstanding of risk)
http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf

A great alternative to OWASP called community.whitehatsec.com (from mouth of creators) that went....well nowhere I guess
http://www.securityfocus.com/archive/107/256710 (see foot of email archive)

And those wonderful terms to help clear up terminology in the industry. I like "Insufficient Anti-Automation" and "Abuse of Functionality" are my favorites. They work well here at the bank, very clear ;-)

Come on get serious about the issues and who has the capacity to tackle them world! Noise like this only distracts from progress. OWASP is far from perfect (I know Mark Curphey and others left last year and not much seems to be happening on projects like the Guide and Testing) and securityfocus is now owned by Symantec but a n other group and mailing list with this pedigree and a high school diploma in marketing is hardly going to make things better.

OK back to my cube life of slinging code now....

I would like to point out that there is an existing list with a large membership for this topic located at webappsec () securityfocus com. If you are dealing with application security related compromise issues, webapp or otherwise, I'd include the sf list at a minimum (in addition to questions about any of the topics below).
webappsec () securityfocus com is the home of the OWASP (www.owasp.org) mailing list which addresses the same topics listed below. WASC (below) is a new organization predominantly organized by web application "security" product-vendors. The OWASP organization is predominantly organized by consulting services vendors. Definitely worth utilizing both lists and keeping in mind potential for bias (e.g.-for or against automated widgets) on both lists. Since most of this list's traffic is L3/L4 I'm not sure how helpful either list will be for the Intrusion topic, but if the subject of another Santy type worm comes up there's peoples on both those lists with strong appsec knowledge. -ae
-----Original Message-----
From: intrusions-bounces () lists sans org [mailto:intrusions-bounces () lists sans org]On Behalf Of contact () webappsec org
Sent: Sunday, May 08, 2005 4:18 PM
To: intrusions () lists sans org
Cc: contact () webappsec org
Subject: [Intrusions] Announcement: The Web Security Mailing List

The Web Application Security Consortium (WASC) is proud to present 'The Web Security Mailing List'.

What is The Web Security Mailing List?

The Web Security Mailing List is an open information forum for discussing topics relevant to web security. Topics include, but are not limited to, industry news and technical discussions surrounding web applications, proxies, honeypots, new attack types, methodologies, application firewalls, discoveries, experiences, web servers, application servers, database security, tools, solutions, and others.

To post a message send an email to: websecurity () webappsec org
Subscribe by sending email to: websecurity-subscribe () webappsec org
Unsubscribe by sending email to: websecurity-unsubscribe () webappsec org

Regards,
- Robert Auger
contact_at_webappsec.org
http://www.webappsec.org

--------------------------------------------------------------
The Web Security Mailing List Charter
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/

_______________________________________________
Intrusions mailing list
Intrusions () lists sans org
http://www.dshield.org/mailman/listinfo/intrusions
Current thread:
- The Original Web Security Mailing List Arian J. Evans (May 11)
- Re: The Original Web Security Mailing List Jeremiah Grossman (May 15)
- Re: The Original Web Security Mailing List Matthieu Estrade (May 15)
- <Possible follow-ups>
- Fwd: Re: The Original Web Security Mailing List auto231439 (May 15)