[WEB SECURITY] Re: [SC-L] [WEB SECURITY] RE: I have not seen many people comment
planetlevel
planetlevel at gmail.com
Fri Apr 23 20:50:41 EDT 2010
Hi Robert,
There are *several* risks in the new OWASP Top 10 which have the technical
impact of disclosing sensitive information, including Injection, Insecure
Direct Object References, and Failure to Restrict URL Access. The T10 isn't
organized by attack or impact (such as information leakage), because it
leads to a combinatorial explosion of risks. Instead, we've organized the
T10 around the missing or broken security control involved with each risk.
We believe that this is the simplest thing to measure and manage, and is
most directly applicable to software developers.
Specifically with regard to information leakage, the traditional use of this
term (see e.g. http://projects.webappsec.org/Information-Leakage) focuses on
implementation details, such as IP addresses and stack traces -- not
sensitive business or personal information. While the release of
such implementation details isn't good, and it is very common, in most cases
it is not a risk by itself, but simply makes another risk worse. Based on
the risk factors we were able to determine from the data we received,
information leakage (as defined above) didn't make the top ten.
Hopefully that helps explain why it's not in the list, but remember that the
T10 is by necessity a generalization, and what's important to your
organization may differ.
--Jeff
On Wed, Apr 21, 2010 at 8:43 PM, <robert at webappsec.org> wrote:
> > > Hello Matt,
> > >
> > > My only real concern is that the owasp top ten is now based on 'Risks' and has removed information/data disclosure/leakage.
> > > Speaking as someone who has worked in a risk management team, I see the leakage of customer/sensitive data as one of the most
> > > serious "Risks" that exist for a company, and it is something that is happening more and more. I brought this to the attention
> > > of the Top Ten List back in November (see #5) https://lists.owasp.org/pipermail/owasp-topten/2009-November/000487.html and it
> > > wasn't really addressed.
> > >
> > > If the top ten was based on attacks and weaknesses (or just vulnerabilities) rather than 'risks' then I could see the argument
> > > for removal. Other than that, it is nice to see this document maturing/improving.
> > >
> > > Regarding your comment on open redirects I've seen these many times in the real world and they ARE being used by individuals
> > > to phish users. CSRF was used by the samy worm (not what I'd call a well organized motivated attacker as much as a Poc) in
> > > combination with xss so I'd say it is used by both audiences (the abuse case is really application/functionality specific).
> > >
> > >
> > > Regards,
> > > - Robert A.
> > > http://www.webappsec.org/
> > > http://www.cgisecurity.com/
> > > http://www.qasec.com/
> > >
> > >
> > >
> > >> I have not seen many people comment on the new OWASP top Ten. What does
> > >> everyone think? I blogged about it from my perspective. I am interested in
> > >> hearing about other people's experience with it.
> > >>
> > >> http://parsonsisconsulting.blogspot.com/2010/04/parsons-response-to-owasp-top-10-in.html
> > >>
> > >>
> > >>
> > >>
> > >>
> > >> Matt Parsons, MSM, CISSP
> > >>
> > >> 315-559-3588 Blackberry
> > >>
> > >> 817-294-3789 Home office
> > >>
> > >> "Do Good and Fear No Man"
> > >>
> > >> Fort Worth, Texas
> > >>
> > >> A.K.A The Keyboard Cowboy
> > >>
> > >> <mailto:mparsons1980 at gmail.com> mailto:mparsons1980 at gmail.com
> > >>
> > >> <http://www.parsonsisconsulting.com>
> http://www.parsonsisconsulting.com
> > >>
> > >> <http://www.o2-ounceopen.com/o2-power-users/>
> > >> http://www.o2-ounceopen.com/o2-power-users/
> > >>
> > >> <http://www.linkedin.com/in/parsonsconsulting>
> > >> http://www.linkedin.com/in/parsonsconsulting
> > >>
> > >> <http://parsonsisconsulting.blogspot.com/>
> > >> http://parsonsisconsulting.blogspot.com/
> > >>
> > >> <http://www.vimeo.com/8939668> http://www.vimeo.com/8939668
> > >>
> > >> <http://twitter.com/parsonsmatt> http://twitter.com/parsonsmatt
> > > _______________________________________________
> > > Secure Coding mailing list (SC-L) SC-L at securecoding.org
> > > List information, subscriptions, etc -
> http://krvw.com/mailman/listinfo/sc-l
> > > List charter available at -
> http://www.securecoding.org/list/charter.php
> > > SC-L is hosted and moderated by KRvW Associates, LLC (
> http://www.KRvW.com <http://www.krvw.com/>)
> > > as a free, non-commercial service to the software security community.
> > > Follow KRvW Associates on Twitter at:
> http://twitter.com/KRvW_Associates
> > > _______________________________________________
> > >
> >
> >
> > --
> > Jim Manico
> > OWASP Podcast Host/Producer
> > OWASP ESAPI Project Manager
> > http://www.manico.net
> >
>
>
>
--
--pl