Candidate OWASP Top 10 Client-Side Security Risks posted


Dave Wichers

Jun 26, 2022, 4:12:53 PM
to Top 10 Client Side Security Risks
All,

I know this mailing list is really small :-), but hopefully it will start growing soon!  Anyway, I just updated the project home page: https://owasp.org/www-project-top-10-client-side-security-risks/, with the list of 10 candidates for this Top 10.

Please forward info about this to anyone you know interested in this topic and encourage them to join this mailing list and provide feedback. Now we need to get the word out on this work!

Thanks everyone.

-Dave

Jim Manico

Jun 30, 2022, 5:08:41 PM
to Dave Wichers, Top 10 Client Side Security Risks

Dave Wichers

Jun 30, 2022, 7:31:46 PM
to Jim Manico, Top 10 Client Side Security Risks
Thanks Jim!

> On Jun 30, 2022, at 5:08 PM, Jim Manico <jim.m...@owasp.org> wrote:
>
> Here we go!

Jim Manico

Jun 30, 2022, 9:11:02 PM
to Dave Wichers, Top 10 Client Side Security Risks
Absolutely, great project!

--
Jim Manico
@Manicode
(808) 652-3805

> On Jun 30, 2022, at 1:31 PM, Dave Wichers <dave.w...@owasp.org> wrote:
>
> Thanks Jim!

Jim Weiler

Aug 12, 2022, 6:46:34 PM
to Top 10 Client Side Security Risks, Jim Manico, Top 10 Client Side Security Risks, Dave Wichers
In the second paragraph - "Mobile apps are frequently the client-side of a web app, where the server-side of the web app provides REST services to the mobile app." I think the client side of an app is either web (browser) or native mobile app. And the server side isn't always REST. So I would delete the word 'web' and say "Mobile apps are frequently the client-side of an app, where the server-side of the app provides API services to the mobile app."

Dave Wichers

Aug 12, 2022, 6:52:13 PM
to Jim Weiler, Top 10 Client Side Security Risks, Jim Manico
Sounds reasonable to me.

-Dave

Ivan Tsarynny

Aug 12, 2022, 10:27:05 PM
to Dave Wichers, Jim Weiler, Top 10 Client Side Security Risks, Jim Manico
Thanks Jim. 
That makes sense. I will get to it on Sunday. 
Thanks
Ivan 

On Aug 12, 2022, at 6:52 PM, Dave Wichers <dave.w...@owasp.org> wrote:



Jim Weiler

Nov 2, 2022, 6:09:41 PM
to Top 10 Client Side Security Risks, ivan tsarynny, Jim Weiler, Top 10 Client Side Security Risks, Jim Manico, Dave Wichers
Hi Folks,
I'm going to retire Dec. 31, so naturally I want to spend more time on OWASP stuff. Planning to add remediations next year, if we are still planning to add them. Any other tasks I can plan to do?
Jim

Lavakumar Kuppan

Nov 3, 2022, 1:54:06 PM
to Jim Weiler, top 10 client side security risks, ivan tsarynny, jim manico, dave wichers
Hello Jim,

Best wishes for your retirement.

I vote for adding remediations.

Ideally I would want us to get to a point where we have content parity with the OWASP Top 10.
Each of the OWASP Top 10 items has a separate page dedicated to it with overview, description, remediation and examples.

Would love to contribute if you need an extra hand in your remediation work.

Thanks,
Lava



---- On Thu, 03 Nov 2022 03:39:41 +0530 Jim Weiler <jim.w...@owasp.org> wrote ---


Dave Wichers

Nov 3, 2022, 1:57:50 PM
to Lavakumar Kuppan, Jim Weiler, top 10 client side security risks, ivan tsarynny, jim manico
We definitely need the help, Lava. Ivan just needs to organize the next steps and get everyone marching orders to get the project moving forward again.

Ivan??

-Dave

ivan tsarynny

Nov 4, 2022, 3:51:24 PM
to Dave Wichers, Lavakumar Kuppan, Jim Weiler, top 10 client side security risks, jim manico
Lava, thanks! 
That’s a great recommendation. Jim W., let’s get it updated and moved to the next stage before your retirement! Hope you can still be available after December 31st.

The most updated version is here. Let’s meet this coming week to get going. 
How is 9am ET on November 8th, 9th, or 10th?
Thanks
Ivan 

ivan tsarynny

Nov 7, 2022, 4:36:15 PM
to Dave Wichers, Lavakumar Kuppan, Jim Weiler, top 10 client side security risks, jim manico
Hi Lava, Jim W. and Jim M. Are you available at any of these times?
Thanks 
Ivan 

Lavakumar Kuppan

Nov 8, 2022, 2:12:49 AM
to ivan tsarynny, dave wichers, jim weiler, top 10 client side security risks, jim manico
Hi Ivan,

I am available on the 9th and 10th at 9AM ET.

Thanks,
Lava



---- On Tue, 08 Nov 2022 03:06:12 +0530 ivan tsarynny <ivan.t...@owasp.org> wrote ---

Jim Manico

Nov 8, 2022, 9:08:09 AM
to Lavakumar Kuppan, ivan tsarynny, dave wichers, jim weiler, top 10 client side security risks
I am teaching all week but am free next week.


--
Jim Manico
@Manicode

On Nov 7, 2022, at 11:12 PM, Lavakumar Kuppan <la...@sboxr.com> wrote:



Lavakumar Kuppan

Nov 8, 2022, 10:24:25 AM
to Weiler, James, jim manico, ivan tsarynny, dave wichers, jim weiler, top 10 client side security risks

I will be at Blackhat MEA so next week doesn't work for me.  
I can do this between 21st Nov - 3rd Dec.
If others can share their available dates too then we can pick a date with mutual overlap. 



---- On Tue, 08 Nov 2022 20:17:23 +0530 Weiler, James <James....@marriott.com> wrote ---


I’m available on the 10th at 9 am. There’s no hurry to do things before my retirement – I’m busier at work wrapping things up. I will have lots of time for OWASP after retirement.

Next week is fine too.

 

Jim Weiler

Director, Integration Management – Application Security

Global Information Security

239 Old Jail Lane, Barnstable MA. 02630

781-654-6048  (M)


 

From: Jim Manico <jim.m...@owasp.org>
Sent: Tuesday, November 8, 2022 9:08 AM
To: Lavakumar Kuppan <la...@sboxr.com>
Cc: ivan tsarynny <ivan.t...@owasp.org>; dave wichers <dave.w...@owasp.org>; jim weiler <jim.w...@owasp.org>; top 10 client side security risks <top10-client-side-...@owasp.org>
Subject: Re: Candidate OWASP Top 10 Client-Side Security Risks posted


ivan tsarynny

Nov 8, 2022, 1:55:01 PM
to Jim Manico, Lavakumar Kuppan, dave wichers, jim weiler, top 10 client side security risks
Looks like Nov 10th @ 9am ET works for most of the team. I will send meeting invitation shortly.

Jim M., how is Nov 16th at 9am ET for you?

Lavakumar Kuppan

Nov 9, 2022, 8:16:01 AM
to ivan tsarynny, jim manico, dave wichers, jim weiler, top 10 client side security risks
Thank you Ivan!



---- On Wed, 09 Nov 2022 00:24:58 +0530 ivan tsarynny <ivan.t...@owasp.org> wrote ---