Matasano: Vulnerability Reporting in a Web 2.0 World. Same old security problems, just no one to report them to or fix 'em.
Step #1: I send in a vulnerability report. I explain the vulnerability in a concise email and include repro steps.
Thanks for the tip, David. It’s been noted.
BTW, most of the talks at OWASP Milan last week were on Web 2.0 attacks.
| Web 1.0 | | Web 2.0 |
|---|---|---|
| Attack server | ----> | Attack client & server |
| Attack sites | ----> | Attack sites & users |
| Web 1.0 security model | ----> | Web 1.0 security model |
| OWASP Top 10 | ----> | CVE 400 |