Difference between revisions of "Research page on Web Security Ratings and Disclosure Policies"

From OWASP
Line 1: Line 1:
===Project idea:===
+
{{stub}}
 +
 
 +
==New OWASP Project details==
 +
see [[How to Start an OWASP Project]]
 +
===Project ideas & brainstorming:===
 
Create an OWASP project around:
 
Create an OWASP project around:
 
* [http://diniscruz.blogspot.com/2009/12/idea-for-owasp-standard-for-public.html Idea for Owasp Standard for public rating of an website's security profile]
 
* [http://diniscruz.blogspot.com/2009/12/idea-for-owasp-standard-for-public.html Idea for Owasp Standard for public rating of an website's security profile]
 
* [http://diniscruz.blogspot.com/2009/12/comment-on-owasp-testing-and-disclosure.html Comment on OWASP testing and disclosure levels]
 
* [http://diniscruz.blogspot.com/2009/12/comment-on-owasp-testing-and-disclosure.html Comment on OWASP testing and disclosure levels]
  
see also [[How to Start an OWASP Project]]
+
===Other relevant OWASP projects===
 +
*[[:Category:OWASP Positive Security Project]]
 +
 
  
 +
== Research link==
 
===Public Disclosure Policies (by Commercial websites)===
 
===Public Disclosure Policies (by Commercial websites)===
 
* [https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/ReportingSecurityIssues-outside Paypal] Site Security Researchers
 
* [https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/ReportingSecurityIssues-outside Paypal] Site Security Researchers
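Review bot: the added heading `== Research link==` has a space after the opening markers but none before the closing ones, and it is singular although it heads several link lists. The other heading added in this hunk, `==New OWASP Project details==`, uses no inner spaces, so `==Research links==` would match it.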
Line 13: Line 20:
 
* Microsoft (link?)
 
* Microsoft (link?)
  
===Research Links===
+
===Other Links===
 
* [http://securityretentive.blogspot.com/2009/12/security-disclosure-policies-that.html Security Disclosure Policies That Remove Chilling Effects]
 
* [http://securityretentive.blogspot.com/2009/12/security-disclosure-policies-that.html Security Disclosure Policies That Remove Chilling Effects]
 
* [http://securityretentive.blogspot.com/2007/11/some-comments-on-paypals-security.html Some Comments on PayPal's Security Vulnerability Disclosure Policy]
 
* [http://securityretentive.blogspot.com/2007/11/some-comments-on-paypals-security.html Some Comments on PayPal's Security Vulnerability Disclosure Policy]
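Review bot: `===Other Links===`, which takes the place of `===Research Links===`, does not tell the reader what the section holds. Both entries under it are commentary on security disclosure policies, so a heading that says so would be easier to scan. The `* Microsoft (link?)` entry in the context lines above it is still an unresolved placeholder and could be filled in or dropped in the same edit.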

Revision as of 07:51, 8 January 2010

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.



New OWASP Project details

see How to Start an OWASP Project

Project ideas & brainstorming:

Create an OWASP project around:

Other relevant OWASP projects


Research link

Public Disclosure Policies (by Commercial websites)

  • Paypal Site Security Researchers
  • Facebook Report a Possible Security Vulnerability
  • Salesforce.com Vulnerability Reporting Policy
  • Wesabe Contacting Security - We want to hear from you (security@wesabe.com, GPG key
  • Microsoft (link?)

Other Links

Questions to answer

Question: What types of vulnerability testing are implicitly allowed? (XSS, SQLi, XSRF)