Web Application Security Consortium Project Announcements

contact_at_webappsec.org
Date: 04/04/05

    To: pen-test@securityfocus.com
    Date: Mon, 4 Apr 2005 15:22:04 -0400 (EDT)
    
    

    The Web Application Security Consortium (WASC) is pleased to present
    two project announcements, and a document update.

    1) "Web Application Security Statistics" Project
    http://www.webappsec.org/projects/statistics/

    The WASC Statistics Project is the first attempt at an industry-wide
    collection of application vulnerability statistics in order to identify
    the existence and proliferation of application security issues on
    enterprise websites. Anonymous data correlating vulnerability numbers
    and trends across organization size, industry vertical and geographic
    area are being collected and analyzed to identify the prevalence of
    threats facing today's online businesses. Such empirical data aims to
    provide the first true statistics on application layer vulnerabilities.

    Using the Web Security Threat Classification
    (http://www.webappsec.org/projects/threat/)
    as a baseline, data is currently being collected and contributed by
    more than a half dozen major security vendors with the list of contributors
    growing regularly.

    We are actively seeking others to contribute data.

    If you would like to be involved with the project, please contact Erik
    Caso (ecaso AT ntobjectives DOT com)

    2) "Distributed Open Proxy Honeypot" Project
    http://www.webappsec.org/projects/honeypots/

    The WASC solution is to use one of the web attacker's most trusted
    tools against him - the Open Proxy server. Instead of being the target
    of the attacks, we opt to be used as a conduit of the attack data in
    order to gather our intelligence. By deploying multiple, specially
    configured open proxy servers (or proxypots), we aim to take a bird's-eye
    look at the types of malicious traffic that traverse these systems.
    The honeypot systems will conduct real-time analysis on the HTTP
    traffic to categorize the requests into threat classifications outlined
    by the Web Security Threat Classification
    (http://www.webappsec.org/projects/threat/)
    and report all logging data to a centralized location.

    If you would like to be involved with the project, please contact Ryan
    Barnett (rcbarnett AT hushmail DOT com)

    3) Web Security Threat Classification is now available in HTML format
    to make referencing and using the information easier.
    http://www.webappsec.org/projects/threat/
     

