Penetration Testing mailing list archives
Network Top 10
From: cribbar <crib.bar () hotmail co uk>
Date: Fri, 10 Dec 2010 08:40:48 -0800 (PST)
Hi All,

Can I ask, does there exist any equivalent to OWASP's Top 10 Project (which is targeted at application security), for network infrastructure? Or would anyone be willing to list your own "Top 10" common vulnerabilities that you come across on network based audits, as opposed to application audits? I.e. excessive ACLs, missing client side patches, weak local passwords etc?

I think the OWASP Top 10 is an excellent resource to demonstrate to management a Top 10 security issues with application security in 2010, but I've never seen anything similar for Network Top 10 for most critical risks/common weaknesses. Especially I would be interested in the prevalence you are coming up against such risks/weaknesses in Network based reviews.

That's one of the best things on the OWASP Top 10, it gives it you straight, a Top 10 with a) exploitability, b) prevalence (i.e. common/uncommon), c) detectability and the most important IMO, d) risk impact. If such a project or review exists for network infrastructure I would love to see a copy.

OWASP Top 10 for those not specialist in app security:
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Look forward to any replies...