WebApp Sec mailing list archives
Re: Top Ten Web App Sec Problems
From: Mark Curphey <mark () curphey com>
Date: 30 Nov 2002 11:21:55 -0800
What we were looking at is more of a report like page 4 of this excellent paper by Andrew Jaquith http://www.atstake.com/research/reports/acrobat/atstake_app_unequal.pdf In it you can see they say 79% of applications reviewed have serious session management flaws, and 73% have serious parameter manipulation flaws. Is this accurate in your opinion? Any similar studies?

On Sat, 2002-11-30 at 09:37, zeno wrote:
> Well here are a few I can say will make the top five.
>
> 1. formail
> 2. phpnuke
> 3. cart32
> 4. postnuke
>
> These others come to mind:
> quickstore shopping cart (cc scans)
> dcshop (cc scans)
> wwwboard variants (modified variants from Matt Wright's original wwwboard)
>
> Hope this helps.
>
> - zeno () cgisecurity com
>
> > One of the things we are going to be doing on the OWASP portal when it comes online in January is to keep track of vulnerabilities and build a "top ten in the wild". Does anyone know if there have been any good statistical studies on webappsec vulns (we know about the SANS top 20, but this is webappsec specific)? Does anyone want to share their thoughts and top ten?
> >
> > -- Mark Curphey <mark () curphey com>
-- Mark Curphey <mark () curphey com>
Current thread:
- Top Ten Web App Sec Problems Mark Curphey (Nov 30)
- Re: Top Ten Web App Sec Problems zeno (Nov 30)
- Re: Top Ten Web App Sec Problems Mark Curphey (Nov 30)
- Re: Top Ten Web App Sec Problems Matt Curtin (Nov 30)
- Re: Top Ten Web App Sec Problems bt (Nov 30)
- Re: Top Ten Web App Sec Problems Alex Russell (Dec 02)
- Re: Top Ten Web App Sec Problems Andrew Jaquith (Dec 02)
- Re: Top Ten Web App Sec Problems Alex Russell (Dec 02)
- Re: Top Ten Web App Sec Problems Mark Curphey (Nov 30)
- Re: Top Ten Web App Sec Problems zeno (Nov 30)
- <Possible follow-ups>
- FW: Top Ten Web App Sec Problems Keith T. Morgan (Dec 02)
- Re: Top Ten Web App Sec Problems Steven M. Christey (Dec 02)
- RE: Top Ten Web App Sec Problems Richard M. Smith (Dec 02)
- Re: Top Ten Web App Sec Problems Kevin Spett (Dec 02)
- Re: Top Ten Web App Sec Problems Alex Lambert (Dec 02)
- RE: Top Ten Web App Sec Problems Richard M. Smith (Dec 02)