[WEB SECURITY] 2009 Top 25 Programming Errors

r at fuckthespam.com r at fuckthespam.com
Wed Jan 14 14:05:14 EST 2009


Arian,
Just a few comments on what you said...

> For those that aren't paying attention -- you understand that this is
> going to become your new "standard" for appsec, correct?
>
> For all of you ignoring this -- this is going to replace the OWASP Top
> 10 and WASC TC 1.0 or 2.0 etc. That is the goal/agenda of SANS & CWE.
> Begin press releases, beat the marketing campaign drums.

Not at all, the target is not the same. This is targeting developers. This
document is all about programming errors (weaknesses).

> If I had not found this on SANS's website I would have thought this was a
> joke.
>
> So now we know that XSS "comes from me" and is "input directly into
> your server".

Yeah, "directly into your server" is hilarious; devs are not stupid...
But all this "your server" kind of thing, the way to talk to the
developer, is not too bad I think. I really believe this is an informal way
to talk about security with developers...
At least, this is how I would use that list.

My 2 cents,
Romain
