known vulnerabilities tracking is dead


joel....@web.de

Jul 8, 2014, 11:25:31 AM
to owas...@googlegroups.com
I noticed that the tracking system for the known vulnerabilities link " " redirects only to the main page of the project :-(

Is there any chance to get the current vulnerabilities in a document or on another page?

Thank you!

Joel

joel....@web.de

Jul 9, 2014, 11:21:52 AM
to owas...@googlegroups.com
Maybe just to clarify what I'm searching for:

I'm searching for the "solutions" of the OWASP BWA vulnerabilities, like the ability to inject SQL in the components and the right way of doing it. For example, like injecting some malicious SQL code in a login form.
Those solutions would be very helpful for me because I'm a student and want to learn more about the topic by practicing it.
An old state of that tracking website lists some details on the exploit solutions http://web.archive.org/web/20130525034246/http://sourceforge.net/apps/trac/owaspbwa/report/1

Dale Castle

Jul 9, 2014, 12:52:25 PM
to owas...@googlegroups.com, joel....@web.de
Chuck,

  With the repository move, has the list of known vulnerabilities moved, as well? The link below is no good anymore.

http://sourceforge.net/apps/trac/owaspbwa/report/1

Dale

---------- Forwarded message ----------
From: "Joel Dönne" <joel....@web.de>
Date: Wed, Jul 9, 2014 at 11:19 AM
Subject: Aw: Re: known vulnerabilities tracking is dead
To: Dale Castle <dbca...@gmail.com>


Thank you for your response :)
 
I'm sorry that my statement maybe was too short and I think I didn't post it clearly enough. I'm searching for the "solutions" of the OWASP BWA vulnerabilities, like the ability to inject SQL in the components and the right way of doing it. For example, like injecting some malicious SQL code in a login form.
Those solutions would be very helpful for me because I'm a student and want to learn more about the topic by practicing it.
An old state of that tracking website lists some details on the exploit solutions http://web.archive.org/web/20130525034246/http://sourceforge.net/apps/trac/owaspbwa/report/1
 
Joel
 
Sent: Tuesday, July 8, 2014 at 19:43
From: "Dale Castle" <dbca...@gmail.com>
To: joel....@web.de
Subject: Re: known vulnerabilities tracking is dead
Joel,
 
  I thought you were making a more profound statement. Like it was obsolete to continue to track known vulnerabilities. I'm glad it was just a bug report. ;)
 
Dale
--
You received this message because you are subscribed to the Google Groups "owaspbwa" group.
To unsubscribe from this group and stop receiving emails from it, send an email to owaspbwa+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Dave Ferguson

Jul 9, 2014, 6:08:39 PM
to owas...@googlegroups.com, joel....@web.de
It looks like SourceForge requires a migration from Trac to something called Allura.

http://sourceforge.net/p/forge/community-docs/Migrating%20Trac%20from%20Hosted%20Apps/

-Dave




Chuck Willis

Jul 10, 2014, 5:53:44 PM
to owaspbwa, joel....@web.de
Thanks for reporting this. I've looked into it a bit and I've got a current backup of the Trac database, so no data has been lost. There's not an easy way that I can find to import that into SourceForge's new ticketing system, but I think I can get them to do it for me if I put in a support ticket. I'm going to try that, but I'm not 100% sure how well that import will work or if the new SourceForge Allura ticketing thing will work for the non-standard way that we've been using Trac.

I'll be looking into this and let you all know what I find out.

Chuck



Chuck Willis

Jul 17, 2014, 5:22:14 PM
to owaspbwa, joel....@web.de
I wanted to let everyone know that the known vulnerability list has been moved to SourceForge's tickets. The best starting URL to look at them is shown below. I will be updating the web page and user's guide to reflect this and the next release will use this on the VM's home page.

https://sourceforge.net/p/owaspbwa/tickets/?limit=999&sort=_severity+asc


Let me know if you run into any issues with this.  As we have always done, try to avoid duplicating effort and avoid entering vulnerabilities for applications where the vulnerabilities are already documented elsewhere (either within the application itself or in its documentation / web site).


Chuck
