lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAH8yC8mLyZa0Vew4T7R=-mLfBb1ARKg_P0=vLKGsbLCkcnj5Tg@mail.gmail.com>
Date: Mon, 20 Feb 2012 21:04:34 -0500
From: Jeffrey Walton <noloader@...il.com>
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>,
	FunSec List <funsec@...uxbox.org>
Subject: Fwd: [Webappsec] Call for Assistance: OWASP
	Virtual Patching Survey

From the folks at OWASP. Please take a moment to provide feedback if
you have helpful comments.

---------- Forwarded message ----------
From: Ryan Barnett <rcbarnett@...il.com>
Date: Mon, Feb 20, 2012 at 10:25 AM
Subject: [Webappsec] Call for Assistance: OWASP Virtual Patching Survey
To: webappsec@...ts.owasp.org

Identification of web application vulnerabilities is only half the
battle with remediation efforts as the other.  In an ideal world,
application defects could be quickly fixed within the application's
code and pushed out into production rapidly.  Let’s face the facts,
there are many real world business scenarios where it is not possible
to update web application code in either a timely manner or at all.
This is where the tactical use-case of implementing virtual patches to
reduce attack surface plays a critical role.

In an effort to obtain valid data on virtual patching processes and
challenges, OWASP has created a community survey.  If your
organization leverages virtual patching as a part of your remediation
strategy, please fill out the survey -
https://www.surveymonkey.com/s/76YQH5J

It is only 10 questions and by taking the survey, you could also win a
free spot in the upcoming OWASP AppSecDC Virtual Patching Workshop.

Thanks for your help.

--
Ryan Barnett
Trustwave SpiderLabs
ModSecurity Project Leader
OWASP ModSecurity CRS Project Leader

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ