WASC releases Threat Classification

Posted by ivanr on July 28, 2004.

They've been very quiet for a number of months and now you know what they have been doing - working on the Threat Classification document. The goal of the document is to establish a common web security vocabulary in order to avoid confusion among developers. Problems are categorized in six classes: "Authentication, Authorization, Client-side Attacks, Command Execution, Information Disclosure, and Logical Attacks". There are 24 problem definitions in total.

Posted by ivanr at 03:13 PM

Going to Foo Camp Europe in August

Posted by ivanr on July 25, 2004.

I will be at the Foo Camp Europe (also known as EFoo) this year - August 20-22 in the Netherlands. After organizing the camp in the US last year (here's the CNN report), I am glad O'Reilly decided to organize an equivalent in Europe. The difference this time is that EFoo is not a camp at all, we get to stay at hotels after all. Which is good as far as I am concerned, since I don't like camping that much.

Posted by ivanr at 07:09 PM