
Summit 2011 Working Sessions/Session201

Revision as of 16:56, 4 February 2011 by Kcfredman


OWASP Common vulnerability list
Please see/use the 'discussion' page for more details about this Working Session
Working Sessions Operational Rules - Please see here the general frame of rules.
Short Work Session Description
There are many OWASP projects, such as the OWASP Testing Guide, OWASP Code Review Guide and OWASP Developers Guide, which discuss how to look for and remediate various vulnerabilities in a web application. For example, people using the OWASP Testing Guide to test for vulnerabilities in their application can go through a list of vulnerabilities and test for each one, but there is no easy way for them to cross-reference the Dev Guide, jump to a specific section and access the relevant information quickly. These vulnerabilities are discussed as individual lists in each of the guides, and there is no easy way to cross-reference all of them.

OWASP Common Vulnerability List will be a lightweight list, which will contain only the vulnerability ID, category, vulnerability name and a brief description. The main objective of this list is to provide a common platform for other guides and tools to provide a link to each other.

Related Projects (if any)

Email Contacts & Roles
Chair:
Matteo Meucci
Eoin Keary
Anurag Agarwal
Operational Manager:
Mailing list:
  1. Build the first version of the OWASP Common vulnerability list

Venue/Date&Time/Model
Venue/Room: OWASP Global Summit Portugal 2011
Date & Time:
Discussion Model: participants and attendees


The goals of OWASP common vulnerability list are:

1. Serve as a common list for all other OWASP initiatives (Dev Guide, Testing Guide, CR Guide, etc.) that make any reference to web application vulnerabilities (just like the OWASP common numbering scheme).
2. Be available for reference by various open source and commercial tools as the list of vulnerabilities being identified, or for any other purpose.
3. Provide a clear requirement for PCI and other compliance laws.

Proposed by Working Group Approved by OWASP Board

Debate the vulnerability list and deliver the first version of the project.

After the Board Meeting - fill in here.


Working Session Participants


Name | Company | Notes & reason for participating, issues to be discussed/addressed
Vishal Garg | AppSecure Labs |
Keith Turpin | |
Fred Donovan | |