[OWASP-TESTING] Next stage
Ralph M. Los
Ralph at boundariez.com
Thu Jun 23 07:41:05 EDT 2005
Since I'm working on this as we speak for an Internet Banking
site, the Authentication section, "Weak Forgot Password Implementation"
section sounds good if no one else has taken it already. I'll also add
the "Weak PIN or password requirements..." section as well. I'm
working. I may also be able to provide some input on "Input Validation"
as it relates to XSS or any of the other validation issues. If whoever
is going to take that section wants to collaborate, that would be
Been out for a while since I got married, I'm back now though :)
From: owasp-testing-admin at lists.sourceforge.net
[mailto:owasp-testing-admin at lists.sourceforge.net] On Behalf Of Daniel
Sent: Tuesday, June 21, 2005 5:05 AM
To: owasp-testing at lists.sourceforge.net
Subject: [OWASP-TESTING] Next stage
Sorry for the short break in the testing guide progress, the real world
caught up with me.
Attached are the documents needed for the next part of the guide, and
Testing Guide II Structure.doc
This is the final TOC as we agreed and next to each section, there is
the option to add your name and your e-mail address (i.e. you will be
writing this section)
If you could structure all your submissions using this template (you can
use any format you like, word/text/xml, as long as I can read it on a
Guidelines for creating sections:
- DO NOT DO A STRAIGHT COPY FROM ANY OTHER SOURCES ON THE WEB!
Plagiarism won't be accepted.
This testing guide should reflect the experience you all have in
application testing. One of the benefits of OWASP is that the wealth of
experience from the contributors enables the reader to understand the
section they are reading, as it is presented in a well structured
format, which unlike a large amount of research papers on the web today,
isn't normally the case.
- Try and use examples where possible and also let other "non-security"
individuals read what you have written. This ensures that it makes sense
to everyone and not just the hardcore penetration testers out there.
- I understand everyone has a life and work commitments, so please don't
select loads of sections if you know you may not be able to commit to
them in the end run.
- Contact me if you have any issues during this next phase
I think we should aim to have all the sections written by mid August,
how does this sound for everyone?
Obviously if you feel there is a section missing from the TOC, by all
means contact me
Look forward to seeing the work coming in