This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP WASC Web Hacking Incidents Database Project"

From OWASP
Jump to: navigation, search
(Volunteers)
(Road Map and Getting Involved)
Line 109: Line 109:
  
 
= Road Map and Getting Involved =
 
= Road Map and Getting Involved =
As of XXX, the priorities are:
+
* We are always looking for new methods of identifying real-world web compromise data sources. If you have any ideas, please contact us.
* xxx
+
* We are also looking for new ways to store and analyze the data.  Currently we utilize [http://tables.googlelabs.com/ Google's FusionTables] to store our raw data.  If you have recommendations for improvements, please let us know.
* xxx
 
* xxx
 
  
Involvement in the development and promotion of XXX is actively encouraged!
+
Involvement in the development and promotion of WHID is actively encouraged!
 
You do not have to be a security expert in order to contribute.
 
You do not have to be a security expert in order to contribute.
 
Some of the ways you can help:
 
Some of the ways you can help:
* xxx
+
* If you have identified a possible WHID candidate, please use of the following methods to notify the WHID project team:
* xxx
+
<ol>
 
+
<li>Send an email to - owaspwhid_at_owasp.org</li>
 
+
<li>Send a tweet to [https://twitter.com/owaspwhid @owaspwhid]</li>
 +
<li>Enter a link in the [https://spreadsheets.google.com/spreadsheet/embeddedform?formkey=dHktV0FmWGMyTDZPbkZtOEJXNzhPbXc6MQ WHID Submittal Form]</li>
 +
</ol>
  
 
=Project About=
 
=Project About=

Revision as of 20:04, 18 February 2014

OWASP Project Header.jpg

OWASP WASC Web Hacking Incidents Database Project

The OWASP WASC Web Hacking Incidents Database Project is a project dedicated to maintaining a list of web applications related security incidents.

Description

WHID goal is to serve as a tool for raising awareness of the web application security problem and provide information for statistical analysis of web applications security incidents. The database is unique in tracking only media reported security incidents that can be associated with a web application security vulnerability. This data is in contrast to many public statistics reports on vulnerability prevalence in that it shows what types of vulnerabilities attackers are actively exploiting.

Licensing

The OWASP WASC Web Hacking Incidents Database Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


What is WHID?

OWASP WHID provides:

  • Statistics of real-world web hacking incidents.
  • Threat-Views:
    • Consultant - Attack
    • Developer - Weakness
    • Business Owner - Outcome

Presentation

Project Leader

Mail-List

Twitter

Related Projects


Quick Download

News and Events

  • [20 Nov 2013] News 2
  • [30 Sep 2013] News 1


Classifications

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files DOC.jpg
How is WHID different than the OWASP Top 10?
The OWASP Top 10 Risks applies a community-based Threat Model discussion to estimate the top risks to web applications. OWASP WHID, on the other hand, focuses mainly on Attack Liklihood rather than Vulnerability Prevalence.
How do I submit a WHID Incident?
If you have identified a possible WHID candidate, please use of the following methods to notify the WHID project team:
  1. Send an email to - owaspwhid_at_owasp.org
  2. Send a tweet to @owaspwhid
  3. Enter a link in the WHID Submittal Form

Volunteers

The WHID project is only as good as it's entries. The primary contributors to date have been:

Others

  • xxx
  • xxx
  • We are always looking for new methods of identifying real-world web compromise data sources. If you have any ideas, please contact us.
  • We are also looking for new ways to store and analyze the data. Currently we utilize Google's FusionTables to store our raw data. If you have recommendations for improvements, please let us know.

Involvement in the development and promotion of WHID is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

  • If you have identified a possible WHID candidate, please use of the following methods to notify the WHID project team:
  1. Send an email to - owaspwhid_at_owasp.org
  2. Send a tweet to @owaspwhid
  3. Enter a link in the WHID Submittal Form
PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP WASC Web Hacking Incidents Database Project (home page)
Purpose: The web hacking incident database (WHID) is a project dedicated to maintaining a list of web applications related security incidents. WHID goal is to serve as a tool for raising awareness of the web application security problem and provide information for statistical analysis of web applications security incidents. The database is unique in tracking only media reported security incidents that can be associated with a web application security vulnerability. This data is in contrast to many public statistics reports on vulnerability prevalence in that it shows what types of vulnerabilities attackers are actively exploiting.
License: Creative Commons Attribution ShareAlike 3.0 License
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases