WebApp Sec mailing list archives
RE: OWASP Top Ten - My Case For Updating It
From: Jeff Robertson <Jeff.Robertson () DigitalInsight com>
Date: Mon, 11 Jul 2005 07:58:11 -0400
-----Original Message-----
From: Mark Curphey [mailto:mark () curphey com]

If the problem of web application security is poor software quality, it is a natural conclusion that the solution is to build better software. Not once in the top ten does the list address the fact that the majority of software is built without a design, security requirements or a repeatable software security development process.

I would go so far as to say that unless a development shop is already following a process (I don't want to start waterfall vs. RUP vs. XP wars here) to keep plain old functionality bugs down to a minimum, they have no hope of producing secure software. If a software company hasn't even figured out that their developers need to be doing unit tests, then the idea that they could successfully implement any sort of security testing is just putting the cart before the horse.