
Fwd: Re: The Original Web Security Mailing List

Subject: Fwd: Re: The Original Web Security Mailing List
Date: Thu, 12 May 2005 08:22:16 -0700
OK I'll bite....

"The Web Application Security Consortium (WASC) is an international 
group of experts, industry practitioners, and organizational 
representatives who produce open source and widely agreed upon 
best-practice security standards for the World Wide Web." 

"Also our activities have also gathered the active support by the 
majority of the worlds top web security experts and leading 
solution providers vendors."

Hmmm I don't think so....more like a bunch of folks who brought the 
world...

The infamous "world is falling down" because you can XSS from an 
HTTP method advisory (interesting finding, total misunderstanding 
of risk)

http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf

A great alternative to OWASP called community.whitehatsec.com (from 
mouth of creators) that went....well nowhere I guess

http://www.securityfocus.com/archive/107/256710

(see foot of email archive)

And those wonderful terms to help clear up terminology in the 
industry. I like "Insufficient Anti-Automation" and "Abuse of 
Functionality" are my favorites. They work well here at the bank, 
very clear ;-)

Come on get serious about the issues and who has the capacity to 
tackle them world ! Noise like this only distracts from progress. 
OWASP is far from perfect (I know Mark Curphey and others left last 
year and not much seems to be happening on projects like the Guide 
and Testing) and securityfocus is now owned by Symantec but another 
group and mailing list with this pedigree and a high school 
diploma in marketing is hardly going to make things better.

OK back to my cube life of slinging code now....









I would like to point out that there is an existing list with a 
large membership for this topic located at 
webappsec@securityfocus.com.

If you are dealing with application security related compromise 
issues, webapp or otherwise, I'd include the sf list at a minimum 
(in addition to questions about any of the topics below).

webappsec@securityfocus.com is the home of the OWASP 
(www.owasp.org) mailing list which addresses the same topics listed 
below. WASC (below) is a new organization predominantly organized 
by web application "security" product-vendors. The OWASP 
organization is predominantly organized by consulting services 
vendors. Definitely worth utilizing both lists and keeping in mind 
potential for bias (e.g.-for or against automated widgets) on both 
lists.

Since most of this list's traffic is L3/L4 I'm not sure how helpful 
either list will be for the Intrusion topic, but if the subject of 
another Santy type worm comes up there's peoples on both those 
lists with strong appsec knowledge.

-ae

-----Original Message-----
From: intrusions-bounces@lists.sans.org 
[mailto:intrusions-bounces@lists.sans.org]On Behalf Of 
contact@webappsec.org
Sent: Sunday, May 08, 2005 4:18 PM
To: intrusions@lists.sans.org
Cc: contact@webappsec.org
Subject: [Intrusions] Announcement: The Web Security Mailing List


The Web Application Security Consortium (WASC) is proud to present 
'The Web Security Mailing List'.

What is The Web Security Mailing List?
The Web Security Mailing List is an open information forum for 
discussing topics relevant to web security. Topics include, but are 
not limited to, industry news and technical discussions surrounding 
web applications, proxies, honeypots, new attack types, 
methodologies, application firewalls, discoveries, experiences, web 
servers, application servers, database security, tools, solutions, 
and others.


To post a message send an email to: websecurity@webappsec.org

Subscribe by sending email to: websecurity-subscribe@webappsec.org

Unsubscribe by sending email to: websecurity-unsubscribe@webappsec.org


Regards,

- Robert Auger

contact_at_webappsec.org
http://www.webappsec.org


------------------------------------------------------------------------------------
The Web Security Mailing List Charter
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives 
http://www.webappsec.org/lists/websecurity/archive/


_______________________________________________
Intrusions mailing list
Intrusions@lists.sans.org
http://www.dshield.org/mailman/listinfo/intrusions



