Research page on Web Security Ratings and Disclosure Policies
From OWASP
Revision as of 12:28, 8 January 2010 by Dinis.cruz (talk | contribs)
Project idea:
Create an OWASP project around:
- Idea for an OWASP standard for the public rating of a website's security profile
- Comment on OWASP testing and disclosure levels
See also How to Start an OWASP Project
Public Disclosure Policies (by Commercial websites)
- Paypal Site Security Researchers
- Facebook Report a Possible Security Vulnerability
- Salesforce.com Vulnerability Reporting Policy
- Wesabe Contacting Security - We want to hear from you ([email protected], GPG key)
- Microsoft (link?)
Research Links
- Security Disclosure Policies That Remove Chilling Effects
- Some Comments on PayPal's Security Vulnerability Disclosure Policy
- Communicating a Site Security Policy
- An ethical framework for information security research
- Disclosure policies – what constitutes “responsible” disclosure, vs irresponsible disclosure?
Questions to answer
Question: What types of vulnerability testing are implicitly allowed? (XSS, SQLi, XSRF)