Re: [WEB SECURITY] Findings.
- From: Nitchi DaMon <nitchimon@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] Findings.
- Date: Thu, 4 Feb 2010 12:44:03 -0800 (PST)
MaXe,
Thanks. The Fu is at work and trying to find that pesky link.
One file link has shown up that was part of the overall picture I am trying to paint.
http://www.owasp.org/index.php/Category:OWASP_Security_Spending_Benchmarks
This is one. But there WAS another that I read within the last 2 weeks, and it was dated either 3rd or 4th Q 2009 and specifically stated "training is not enough and is not the answer".
We all know it's PART of the answer, but the document had some interesting facts that I want to reference.
thanks!!!
Nitch.
--- On Thu, 2/4/10, MaXe <owasp@xxxxxxxxxxxx> wrote:
> From: MaXe <owasp@xxxxxxxxxxxx>
> Subject: Re: [WEB SECURITY] Findings.
> To: "Nitchi DaMon" <nitchimon@xxxxxxxxx>
> Cc: websecurity@xxxxxxxxxxxxx
> Date: Thursday, February 4, 2010, 3:34 PM
> Hi Nitchi,
>
>
> Not sure which reports, but if you had some of the text or the title on
> them then you could apply some Google-Fu and find them easily again, in
> most cases that is :-)
>
> Anyway, there is also another reason: developers who don't understand
> IT-security well enough. (Many don't take non-persistent injections
> like XSS seriously because who would be "stupid" enough to click a
> malicious link like bit.ly/xxxxx ? xD)
>
>
> Best regards,
> MaXe
>
> Nitchi DaMon wrote:
> > Greetings all,
> >
> > Since we are "X" years into Application Security, I remember seeing
> > a new report or reports that people are starting to recognize we are
> > still having App Vulns.
> >
> > The report(s) showed that, with no training, no SDLC and other things
> > missing, initially upwards of 80 to 95% of software had
> > vulnerabilities. But after training, and a few years of AppSec
> > techniques, it was found that the number dropped to 30 to 40%. But
> > the issues were still there. They were still there because of
> > sloppiness and various reasons.
> >
> > I thought I saved the link and/or the papers locally, but discovered
> > I saved the wrong URLs.
> >
> > Does anyone remember these reports, and can you please forward the
> > links to me?
> >
> >
> > Thanks.
> >
> >
> > Nitch.
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
Brought to you by http://www.webappsec.org