Difference between revisions of "Research page on Web Security Ratings and Disclosure Policies"

From OWASP
Revision as of 07:28, 8 January 2010

===Project idea:===

Create an OWASP project around:

* [http://diniscruz.blogspot.com/2009/12/idea-for-owasp-standard-for-public.html Idea for Owasp Standard for public rating of an website's security profile]
* [http://diniscruz.blogspot.com/2009/12/comment-on-owasp-testing-and-disclosure.html Comment on OWASP testing and disclosure levels]

See also [[How to Start an OWASP Project]]

===Public Disclosure Policies (by Commercial websites)===

* Paypal Site Security Researchers
* [http://www.facebook.com/security?v=app_6009294086 Facebook] Report a Possible Security Vulnerability
* [http://www.salesforce.com/company/disclosure.jsp Salesforce.com] Vulnerability Reporting Policy
* [https://www.wesabe.com/page/security-contact Wesabe] Contacting Security - We want to hear from you (security@wesabe.com, [https://www.wesabe.com/downloads/wesabe-public-key.asc GPG key])
* Microsoft (link?)

===Research Links===

===Questions to answer===

Question: What types of vulnerability testing are implicitly allowed? (XSS, SQLi, XSRF)