http://www.darknet.org.uk/2009/01/owasp-open-web-application-security-project-testing-guide-v3-released/ Ethical Hacking, Penetration Testing & Computer Security Sun, 08 Nov 2009 07:15:43 +0000 http://wordpress.org/?v=2.8.5 hourly 1 http://www.darknet.org.uk/2009/01/owasp-open-web-application-security-project-testing-guide-v3-released/#comment-125371 Bogwitch Mon, 12 Jan 2009 17:55:21 +0000 http://www.darknet.org.uk/?p=1375#comment-125371 The security assessments I have performed indicates that website developers and application developers have never heard of OWASP. When pointed to OWASP the remarks are often "But that's about security, not web design" - and I think the problem stems from there. Web designers are all-to-often graphic artists, and have cut their teeth in environments where the application software they need to run, runs with elevated privileges, they have access to large portions of systems to aid in publication of content and therefore believe they are above security or that it doesn't apply to them. The security assessments I have performed indicates that website developers and application developers have never heard of OWASP. When pointed to OWASP the remarks are often “But that’s about security, not web design” – and I think the problem stems from there. Web designers are all-to-often graphic artists, and have cut their teeth in environments where the application software they need to run, runs with elevated privileges, they have access to large portions of systems to aid in publication of content and therefore believe they are above security or that it doesn’t apply to them.

]]>