In this morning’s news I saw a reference to a project on OWASP that documents the vulnerabilities in web applications and someone who is keeping a public repository of those vulnerabilities. I called and spoke with Simon Bennetts, co-lead of the project with Raul Siles, to hear his thoughts on where this leads and what his vision is for the future of web application security.
Listen to the full interview: Simon Bennetts – OWASP Web Applications Vulnerability Project
Highlights of our Discussion
00:34 – How did the project start
02:50 – Directory vs repository
03:30 – How large is the data set
04:15 – How do you anticipate people will use the information
04:45 – Future vision for the project
05:40 – Final thoughts on bug bounties
About Simon Bennetts
Simon Bennetts (a.k.a. Psiinon) has been developing web applications since 1997, and strongly believes that you cannot build secure web applications without knowing how to attack them. He works for Mozilla as part of their Security Team.
Bennetts started the OWASP Zed Attack Proxy project, and leads the international group of volunteers who develop it. He is also one of the founders of the OWASP Manchester chapter and the OWASP Data Exchange Format project.