Re: Two questions: FAQ and OWASP ASAC

[Rogan Dawes <discard () dawes za net>]

Wall, Kevin wrote:
> Several years ago, I used to be heavily involved in this list.
> Things have changed a lot since then.  I was wondering:
>
> 1) Does this list have a FAQ, and if so, where is it? Is it the
>    same as http://www.webappsec.org/faq.html ? (The site appears
>    to be down.)

In fact, I don't think that this list DOES have a faq, other than maybe 
http://www.owasp.org/documentation/appsec_faq.html, which is not 
strictly a FAQ from this list, but is probably as close as you will get.

> 2) Whatever happened to OWASP's Application Security Attack Components
>    that used to be available at http://www.owasp.org/asac ? Did it
>    somehow morph into the WASC's Threat Classifications, at
>    http://www.webappsec.org/threat.html ?  They look pretty similar
>    (from what I can recall of OWASP's ASAC, at least.)

Well, the first problem is that you are looking on the wrong site. 
WebAppSec.org is unrelated to this list. www.owasp.org is far closer 
related, due to its history. Mark Curphey both moderated the webappsec 
list and started OWASP.

That said, I think that ASAC has largely fallen away, and been 
"replaced" by either the OWASP Top 10 
(http://www.owasp.org/documentation/topten.html) or the OWASP Guide 
(http://www.owasp.org/documentation/guide/guide_news.html), or possibly 
the OWASP Testing Project 
(http://www.owasp.org/documentation/testing.html), depending on what 
your requirements are.

> Thanks,
> -kevin

No problem,

Rogan
--
Rogan Dawes

*ALL* messages to discard () dawes za net will be dropped, and added
to my blacklist. Please respond to "lists AT dawes DOT za DOT net"