[Owasp-testing] Updated Index draft

kevin horvath kevin.horvath at gmail.com
Tue May 27 14:47:02 EDT 2008 

I have no issue with that as long its mentioned in the section.  Thanks.

On Tue, May 27, 2008 at 11:20 AM, Matteo Meucci <matteo.meucci at gmail.com> wrote:
> Hi Kevin,
> that's great!
> I've updated the index:
> https://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Contents
>
> I think that "4.6.3 Testing for Privilege Escalation" is sufficient to
> describe horizontal and vertical escalations, otherwise we will create
> too much articles :) Are you agree?
>
> Mat
>
> On Tue, May 27, 2008 at 4:28 PM, kevin horvath <kevin.horvath at gmail.com> wrote:
>> Hello Matt,
>>
>> I am interested in writing the sections:
>>
>> (new) 4.2.3 Identify application entry points
>> (new) 4.7.3 Testing for Cookies attributes
>> 4.5.3 Testing for Guessable (Dictionary) User Account
>> (toimp)4.4 Business Logic Testing
>>
>> I also think that we should have a section after 4.6.3 for horizontal
>> privilege attacks.
>> 4.6.3 Testing for Privilege Escalation
>> -This section covers gaining access to priviliges above what was
>> allocated to you but not making transactions as another user with the
>> same privilege level.  Or you could cover all of the above and just
>> make note with parenthesis next to 4.6.3 with (horizontal and
>> veritical escalation).
>>
>>
>> Thanks
>> Kevin
>>
>> On Sun, May 25, 2008 at 8:09 AM, Matteo Meucci <matteo.meucci at gmail.com> wrote:
>>> Hi all,
>>> here is the updated index table:
>>> https://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Contents
>>> https://www.owasp.org/index.php/OWASP_Testing_Project_v3_Roadmap
>>>
>>> What do you think about that?
>>> There are a lot of new articles to write or to improve, so tell me if
>>> you are interested writing a particular section.
>>> We will write from the 1st June to the 30th June.
>>> Daniel, Eoin, what is your opinion?
>>>
>>> Thanks,
>>> Mat
>>>
>>>
>>>
>>> --
>>> Matteo Meucci
>>> OWASP-Italy Chair, CISSP, CISA
>>> http://www.owasp.org/index.php/Italy
>>> OWASP Testing Guide lead
>>> http://www.owasp.org/index.php/Testing_Guide
>>> _______________________________________________
>>> Owasp-testing mailing list
>>> Owasp-testing at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>>
>>
>
>
>
> --
> Matteo Meucci
> OWASP-Italy Chair, CISSP, CISA
> http://www.owasp.org/index.php/Italy
> OWASP Testing Guide lead
> http://www.owasp.org/index.php/Testing_Guide
>

More information about the Owasp-testing mailing list