List: owasp-testing
Subject: Re: [Owasp-testing] Fwd: What is a vuln?
From: Eoin <eoinkeary () gmail ! com>
Date: 2006-11-09 10:01:44
Message-ID: f3193c100611090201w6216be70m232ad0dcc89b5ace () mail ! gmail ! com
Hi Daniel,
regarding the Spanish version of the Testing guide, once this Autumn of Code
project is complete (31/12/2006) get in touch with myself and we can work on
the Spanish version and find a home for it on the WIKI.
thanks,
Eoin
On 09/11/06, Daniel P.F (a.k.a MeTal) <metalslug@hacktimes.com> wrote:
>
>
> ok guys, my 2 euro cents to the "brain storming" ;)
>
> Vulnerability: a security exposure in the system design, implementation,
> code, or the lack of a mechanism which arises as the unexpected result
> of some action or occurrence which gives rise to a potential security
> breach.
>
> but, frankly, I don't think an accurate definition could be possible in
> just two lines. Maybe an extended definition with more precision should
> be required, because of the variety of the situations and perspectives.
>
> btw, who can tell me how I can contribute to the Spanish translation
> of the new guide and where to start?
> Please raise your hand, thank you.
>
> Greets from Spain.
>
>
>
> Ralph M. Los wrote:
>
> >
> > How about this:
> >
> > A Vulnerability is defined as A) an unexpected behavior of either
> > application or environment that represents a danger or B) an
> > expected behavior but that has not been perceived as risk. This
> > behavior normally represents a danger of CIA triad (Confidentiality,
> > Integrity, Availability) being compromised and/or potential
> > exploitation.
> >
> >
> >
> > My 2 cents + VAT
> >
> > MgpF
> >
> > -- Matteo G.P. Flora | mf@matteoflora.com | www.MatteoFlora.com Pres.
> >
> >
> > -----------
> >
> > If I may add my $0.02 in... I think a vulnerability definition must
> > change slightly:
> >
> > "... a condition in which an unexpected result of some action upon
> > the subject gives rise to a potential for exploitation"
> >
> > Ralph M. Los Information Security Consultant
> >
> > _______________________________________________ Owasp-testing mailing
> > list Owasp-testing@lists.owasp.org
> > http://lists.owasp.org/mailman/listinfo/owasp-testing
> >
>
>
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing@lists.owasp.org
> http://lists.owasp.org/mailman/listinfo/owasp-testing
>
--
Eoin Keary OWASP - Ireland
http://www.owasp.org/local/ireland.html
http://www.owasp.org/index.php/OWASP_Testing_Project
http://www.owasp.org/index.php/OWASP_Code_Review_Project