Difference between revisions of "Research page on Web Security Ratings and Disclosure Policies"

From OWASP
 
* [http://www.thesecuritypractice.com/the_security_practice/2009/10/an-ethical-framework-for-information-security-research.html An ethical framework for information security research]

* [http://www.thesecuritypractice.com/the_security_practice/2008/02/disclosure-poli.html Disclosure policies – what constitutes “responsible” disclosure, vs irresponsible disclosure?]

* [http://n0where.org/samsara-20090924.pdf Disclosure Samsara] The Endless Responsible Vulnerability Disclosure Debate (slides 32-34 have responsible disclosure recommendations for organizations)

===Questions to answer===

Question: What types of vulnerability testing are implicitly allowed? (XSS, SQLi, XSRF)

Revision as of 08:52, 12 January 2010

This article is a stub.



New OWASP Project details

see How to Start an OWASP Project

Project ideas & brainstorming:

Create an OWASP project around:

Other relevant OWASP projects

Research link

Public Disclosure Policies (by Commercial websites)

Other Links

Questions to answer

Question: What types of vulnerability testing are implicitly allowed? (XSS, SQLi, XSRF)