Wednesday, October 18, 2006

Web Application Security Mailing Lists 101

The web application security "community" has always been based primarily on email interaction. Right now, the somewhat annoying situation exists that there is no one "main" mailing list that you can just join, there are several. The only way to get as many experts as possible to read your emails, is to cross-post.

webappsec@securityfocus.com
subscribe: webappsec-subscribe@securityfocus.com
archive: http://www.securityfocus.com/archive/107
info: http://www.securityfocus.com/archive/107/description

This is the original web application security list. It is so old that it was originally called "mobile code" because it predates any of the modern terminology of web applications. This is the place where OWASP was incubated. Unfortunately, in recent years the list has suffered from long posting delays (due to inconsistent moderation), and tons and tons of crap bouncing back at your every time you post, and alleged lack of responsiveness on the part of the hosting company.

websecurity@webappsec.org
subscribe: websecurity-subscribe@webappsec.org
archive: http://www.webappsec.org/lists/websecurity/archive/
info: http://www.webappsec.org/lists/websecurity/

Started in 2005, and took some of momentum and users away from the first list. Smart people almost immediately subscribed to both lists.

webappsec@lists.owasp.org
subscribe using web form: http://lists.owasp.org/mailman/listinfo/webappsec
archive: http://lists.owasp.org/pipermail/webappsec/

This is the newest list, and is the result of OWASP finally getting fed up with the problems with the old list, and creating their own. So now you need to subscribe to THREE lists.

your local OWASP chapter

You probably also want to join the mailing list for your local OWASP chapter, assuming you have one in your city. All of them are listed here:

http://lists.owasp.org/mailman/listinfo

Comments: