[WEB SECURITY] Great article outlining a core issue with many in

Adam Muntner unix23 at gmail.com
Tue Feb 22 12:53:35 EST 2011


This has been my main research project for the last couple years, with a
security focus.

The repo is at HTTP://fuzzdb.googlecode.com

There have been a lot of quality submissions already, and it could always
use more!

Adam

On Feb 22, 2011 12:28 PM, <robert at webappsec.org> wrote:

> *Proposed Solution – Open Test Data*
> Security people tell developers to "do input validation". Input validation
> is no news to developers. The problem is defining the data model and
> testing the input validation. We can do something important here – building
> opentestdata.org. I own the domain and dream about the following beautiful
> community effort:
>    You go to the site and can either "submit test data" or "download test
> data". On the submission page you can anonymously enter e.g. a Portuguese
> postal address, an Indian human name, a Swedish postal/zip code ... or 100
> SQL injection strings. The effort is almost zero.
>    On the download page you choose your format and download in context. "We
> have European customers so we want European human names, postal addresses,
> and phone numbers". Developers will love it. And that's where we can start
> promoting security testing!

I tried to start something similar at www.qasec.com a couple years ago but
ended up removing it as I couldn't dedicate the attention that it deserved.
I think that having a repository of QA test cases (with and without a
security focus) is something that is sorely needed and would go a long way.
As is the case with any open project, finding a dedicated/qualified leader
is the most difficult aspect. If you're saying that you'll lead this effort
then I'd be willing to contribute some sample plans.

Regards,
- Robert
http://www.cgisecurity.com/
http://www.webappsec.org/
http://www.qasec.com/



_______________________________________________
The Web Security Mailing List

WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss

Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA

WASC on Twitter
http://twitter.com/wascupdates

websecurity at lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org