[WEB SECURITY] Findings.

MaXe owasp at intern0t.net
Thu Feb 4 15:34:29 EST 2010


Hi Nitchi,


Not sure which reports but if you had some of the text or the title on
them then you could apply some Google-Fu and find them easily again, in
most cases that is :-)

Anyway, there is also another reason: Developers that don't understand
IT-security well enough. (Many don't take non-persistent injections
like XSS seriously, 'cause who would be "stupid" enough to click a malicious
link like bit.ly/xxxxx ? xD)


Best regards,
MaXe

Nitchi DaMon wrote:
> Greetings all,
>
> Since we are "X" years into Application Security, I remember seeing a new report or reports that people are starting to recognize we are still having App Vulns.
>
> The report(s) showed that while no training and no SDLC and other things missing showed initially that upwards to 80 to 95% of software had vulnerabilities.  But after training, and a few years of AppSec techniques, it was found that the number dropped to 30 to 40%. But the issues were still there. They were still there because of sloppiness and various reasons.
>
> I thought I saved the link and/or the papers locally, but discovered I saved the wrong URLs.
>
> Does anyone remember these reports and can you please forward to me the links ?
>
>
> Thanks.
>
>
> Nitch.
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives: 
> http://www.webappsec.org/lists/websecurity/archive/
>
> Subscribe via RSS: 
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
> Join WASC on LinkedIn
> http://www.linkedin.com/e/gis/83336/4B20E4374DBA

