Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: The Original Web Security Mailing List

from [Jeremiah Grossman] Network Security [Permanent Link]
Subject: Re: The Original Web Security Mailing List
Date: Wed, 11 May 2005 18:10:16 -0700 
comments inline:

On Monday, May 9, 2005, at 03:53  PM, Arian J. Evans wrote:

I would like to point out that there is an existing list with a large membership
for this topic located at webappsec@securityfocus.com.

While I'm not sure of the actual size of webappsec@sf list, the traffic has been limited and slow just the same for quite some time. But as you probably know, there is top-notch WebAppSec conversation occurring all over. Just not in a public-list forum where it would be of exceptional value to a larger audience. WASC, through a network members and contributors, felt we could increase community discussion by gathering a large contingent of organizations and leading experts to cover a larger array of web application security topics.


If you are dealing with application security related compromise issues,
webapp or otherwise, I'd include the sf list at a minimum (in addition to
questions about any of the topics below).

If subscribers feel the need to cross-post amongst the two lists, they should feel free to do so. Several lists such as secprog and sc-l are similarly focused and coexist nicely.

webappsec@securityfocus.com is the home of the OWASP (www.owasp.org)
mailing list which addresses the same topics listed below. WASC (below)
is a new organization predominantly organized by web application "security"
product-vendors. The OWASP organization is predominantly organized by
consulting services vendors.

Your definition of OWASP (as a participant) may be true enough, but is certainly not accurate for WASC. Today WASC includes a wide variety of contributing industry practitioners (enterprise and government) and vendors (scanners, firewalls, service providers, consultants, etc.) Member and contributor numbers have expanded exceptionally fast during our first year to include developers, quality assurance, and security professionals.


Definitely worth utilizing both lists and keeping
in mind potential for bias (e.g.-for or against automated widgets) on both lists.

The moderation of our list will have no bias for or against any particular kind product or methodology. Our goal is open dialog amongst the subscribers and conclusions drawn by the reader. We want to be as hands-off as possible as this enables the best information exchange.


Since most of this list's traffic is L3/L4 I'm not sure how helpful either list
will be for the Intrusion topic, but if the subject of another Santy type worm
comes up there's peoples on both those lists with strong appsec knowledge.

-ae

-----Original Message-----
From: intrusions-bounces@lists.sans.org
[mailto:intrusions-bounces@lists.sans.org]On Behalf Of
contact@webappsec.org
Sent: Sunday, May 08, 2005 4:18 PM
To: intrusions@lists.sans.org
Cc: contact@webappsec.org
Subject: [Intrusions] Announcement: The Web Security Mailing List


The Web Application Security Consortium (WASC) is proud to
present 'The Web Security Mailing List'.

What is The Web Security Mailing List?
The Web Security Mailing List is an open information forum
for discussing topics relevant to
web security. Topics include, but are not limited to,
industry news and technical discussions
surrounding web applications, proxies, honeypots, new attack
types, methodologies, application
firewalls, discoveries, experiences, web servers, application
servers, database security, tools,
solutions, and others.


To post a message send an email to: websecurity@webappsec.org

Subscribe by sending email to: websecurity-subscribe@webappsec.org

Unsubscribe by sending email to:
websecurity-unsubscribe@webappsec.org


Regards,

- Robert Auger

contact_at_webappsec.org
http://www.webappsec.org


--------------------------------------------------------------
----------------------
The Web Security Mailing List Charter
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/


_______________________________________________
Intrusions mailing list
Intrusions@lists.sans.org
http://www.dshield.org/mailman/listinfo/intrusions


[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  New Free Tool - Foundstone .NET Mon, Curphey, Mark
Next by Date:  Fwd: Re: The Original Web Security Mailing List, auto231439
Previous by Thread:  The Original Web Security Mailing List, Arian J. Evans
Next by Thread:  Re: The Original Web Security Mailing List, Matthieu Estrade
Indexes:  [Date] [Thread] [Top] [All Lists]