Update RailsGoat to OWASP Top Ten 2017 version #305
Comments
Is OWASP Top 10 - 2017 version official? |
shaddygarg [Today at 8:50 AM] in #project-railsgoat |
shaddygarg [9:02 AM] The vulnerabilities A7, A9, A8 are merged into some other vulnerabilities of 2013 and other vulnerabilities are the same. |
2013 and 2017 can co-exist as they are fairly independent of each other. The following are the new vulnerabilities that exist in 2017 which were not there in 2013:
Following were removed from 2013:
These vulnerabilities can co-exist together. So, if we add support for the 2017 version, it should not be a problem as it won't interfere with any other vulnerability. Do tell me if I am on the right track. For 2010, I am currently researching. |
@shaddygarg -- Where would you find the RailsGoat code supporting 2010 vulnerabilities? |
@jasnow -- I am currently researching for the differences between the 2010 and 2017 vulnerabilities so that for adding the 2017 vulnerabilities, I can have a better perspective of developing the vulnerabilities in such a way that they don't interfere. This way we can both preserve the vulnerabilities of 2017 along with 2013 and 2010. |
Why would we want to maintain 2010/2013 support? Typically we just upgrade master to whatever the current OWASP Top 10 list is. We are more concerned with Rails versions (i.e. 3, 4, and 5) when it comes to historical context. The OWASP Top 10 is just "whatever the latest list is".
Sent from Ken's iPhone.
On Mar 18, 2018, at 9:50 AM, Shaddy Garg wrote:
> @jasnow -- I am currently researching for the differences between the 2010 and 2017 vulnerabilities so that for adding the 2017 vulnerabilities, I can have a better perspective of developing the vulnerabilities in such a way that they don't interfere. This way we can both preserve the vulnerabilities of 2017 along with 2013 and 2010.
|
@cktricky - if you want just the latest, I will change my description. |
I don't know because I am not sure about the story/context behind it, that's why I'm asking 😄. I know what we typically do but wasn't sure if this was for some larger effort that was part of GSoC and I was unaware of.
Sent from Ken's iPhone.
On Mar 18, 2018, at 5:07 PM, Al Snow wrote:
> Why would we want to maintain 2010/2013 support?
> @cktricky - you want just the latest, I will change my description.
|
@shaddygarg - FYI: Note that this GitHub idea issue has been changed to only cover the 2017 vulnerabilities. |
Spring Cleaning |
Update RailsGoat to OWASP Top Ten 2017 version.
Reference: https://www.owasp.org/index.php/Top_10-2017_Top_10
Reference: https://github.com/OWASP/Top10
OWASP Slack channel: project-top-10 (documentation)