WebApp Sec mailing list archives

Re: Top Ten Web App Sec Problems


From: Mark Curphey <mark () curphey com>
Date: 30 Nov 2002 11:21:55 -0800

What we were looking at is more of a report like page 4 of this
excellent paper by Andrew Jaquith

http://www.atstake.com/research/reports/acrobat/atstake_app_unequal.pdf

In it you can see they say 79% of applications reviewed have serious
session management flaws, and 73% have serious parameter manipulation
flaws.

Is this accurate in your opinion?

Any similar studies?

On Sat, 2002-11-30 at 09:37, zeno wrote:

> Well here are a few I can say will make the top five.
>
> 1. formail
> 2. phpnuke
> 3. cart32
> 4. postnuke
>
> These others come to mind:
>
> quickstore shopping cart (cc scans)
> dcshop (cc scans)
> wwwboard variants (modified variants from Matt Wright's original wwwboard)
>
> Hope this helps.
>
> - zeno () cgisecurity com
>
> > One of the things we are going to be doing on the OWASP portal when it
> > comes online in January is to keep track of vulnerabilities and build a
> > "top ten in the wild".
> >
> > Does anyone know if there have been any good statistical studies on
> > webappsec vulns (we know about the SANS top 20, but this is webappsec
> > specific)?
> >
> > Does anyone want to share their thoughts and top ten?
> >
> > --
> > Mark Curphey <mark () curphey com>

--
Mark Curphey <mark () curphey com>
