WebApp Sec mailing list archives
Web Application Security Consortium Project Announcements
From: contact () webappsec org
Date: Mon, 4 Apr 2005 15:19:20 -0400 (EDT)
The Web Application Security Consortium (WASC) is pleased to present two project announcements and a document update.

1) "Web Application Security Statistics" Project
http://www.webappsec.org/projects/statistics/

The WASC Statistics Project is the first attempt at an industry-wide collection of application vulnerability statistics in order to identify the existence and proliferation of application security issues on enterprise websites. Anonymous data correlating vulnerability numbers and trends across organization size, industry vertical and geographic area are being collected and analyzed to identify the prevalence of threats facing today's online businesses. Such empirical data aims to provide the first true statistics on application layer vulnerabilities. Using the Web Security Threat Classification (http://www.webappsec.org/projects/threat/) as a baseline, data is currently being collected and contributed by more than a half dozen major security vendors, with the list of contributors growing regularly. We are actively seeking others to contribute data.

If you would like to be involved with the project, please contact Erik Caso (ecaso AT ntobjectives DOT com).

2) "Distributed Open Proxy Honeypot" Project
http://www.webappsec.org/projects/honeypots/

The WASC solution is to use one of the web attacker's most trusted tools against him - the Open Proxy server. Instead of being the target of the attacks, we opt to be used as a conduit of the attack data in order to gather our intelligence. By deploying multiple, specially configured open proxy servers (or proxypots), we aim to take a bird's-eye look at the types of malicious traffic that traverse these systems. The honeypot systems will conduct real-time analysis on the HTTP traffic to categorize the requests into threat classifications outlined by the Web Security Threat Classification (http://www.webappsec.org/projects/threat/) and report all logging data to a centralized location.

If you would like to be involved with the project, please contact Ryan Barnett (rcbarnett AT hushmail DOT com).

3) Web Security Threat Classification is now available in HTML format to make referencing and using the information easier.
http://www.webappsec.org/projects/threat/