Software Security: Industry Influencers / Simon Bennetts - Web Applications Vulnerability Project

Description

In this morning's news I saw a reference to a project on OWASP that documents the vulnerabilities in web applications and someone who is keeping a public repository of those vulnerabilities. I called and spoke with Simon Bennetts, co-lead of the project with Raul Siles, to hear his thoughts on where this leads and what his vision is for the future of web application security.

Highlights of our Discussion

00:34 - How did the project start
02:50 - Directory vs repository
03:30 - How large is the data set
04:15 - How do you anticipate people will use the information
04:45 - Future vision for the project
05:40 - Final thoughts on bug bounties

About Simon Bennetts

Simon Bennetts (a.k.a. Psiinon) has been developing web applications since 1997, and strongly believes that you cannot build secure web applications without knowing how to attack them. He works for Mozilla as part of their Security Team. Bennetts started the OWASP Zed Attack Proxy project, and leads the international group of volunteers who develop it. He is also one of the founders of the OWASP Manchester chapter and the OWASP Data Exchange Format project.


Subtitle
In this morning's news I saw a reference to a pro…
Duration
00:06:27
Publishing date
2013-10-18 17:13
Link
https://soundcloud.com/trustedsoftwarealliance/simon-bennetts-web
Contributors
Mark Miller, Trusted Software Alliance (author)
Enclosures
http://feeds.soundcloud.com/stream/115959819-trustedsoftwarealliance-simon-bennetts-web.mp3
audio/mpeg