[WEB SECURITY] Findings.

Nitchi DaMon nitchimon at yahoo.com
Thu Feb 4 15:44:03 EST 2010


MaXe,

Thanks.  The Fu is at work and trying to find that pesky link.

One file link has shown up that was part of the overall picture I am trying to paint.

http://www.owasp.org/index.php/Category:OWASP_Security_Spending_Benchmarks

This is one.  But there WAS another that I read within the last 2 weeks, and it was dated either 3rd or 4th Q 2009 and specifically stated "training is not enough and is not the answer".

We all know it's PART of the answer, but the document had some interesting facts that I want to reference.

thanks!!!


Nitch.

--- On Thu, 2/4/10, MaXe <owasp at intern0t.net> wrote:

> From: MaXe <owasp at intern0t.net>
> Subject: Re: [WEB SECURITY] Findings.
> To: "Nitchi DaMon" <nitchimon at yahoo.com>
> Cc: websecurity at webappsec.org
> Date: Thursday, February 4, 2010, 3:34 PM
> Hi Nitchi,
> 
> 
> Not sure which reports, but if you had some of the text or the title on
> them then you could apply some Google-Fu and find them easily again, in
> most cases that is :-)
> 
> Anyway, there is also another reason: developers that don't understand
> IT security well enough. (Many don't take non-persistent injections
> seriously, like XSS, 'cause who would be "stupid" enough to click a
> malicious link like bit.ly/xxxxx? xD)
> 
> 
> Best regards,
> MaXe
> 
> Nitchi DaMon wrote:
> > Greetings all,
> >
> > Since we are "X" years into Application Security, I remember seeing a
> > new report or reports that people are starting to recognize we are
> > still having App Vulns.
> >
> > The report(s) showed that while no training, no SDLC and other things
> > missing showed initially that upwards of 80 to 95% of software had
> > vulnerabilities.  But after training, and a few years of AppSec
> > techniques, it was found that the number dropped to 30 to 40%. But the
> > issues were still there. They were still there because of sloppiness
> > and various reasons.
> >
> > I thought I saved the link and/or the papers locally, but discovered I
> > saved the wrong URLs.
> >
> > Does anyone remember these reports and can you please forward me the
> > links?
> >
> >
> > Thanks.
> >
> >
> > Nitch.


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
