[Owasp-testing] Updated Index draft
kevin.horvath at gmail.com
Tue May 27 14:47:02 EDT 2008
I have no issue with that as long its mentioned in the section. Thanks.
On Tue, May 27, 2008 at 11:20 AM, Matteo Meucci <matteo.meucci at gmail.com> wrote:
> Hi Kevin,
> that's great!
> I've updated the index:
> I think that "4.6.3 Testing for Privilege Escalation" is sufficient to
> describe horizontal and vertical escalations, otherwise we will create
> too much articles :) Are you agree?
> On Tue, May 27, 2008 at 4:28 PM, kevin horvath <kevin.horvath at gmail.com> wrote:
>> Hello Matt,
>> I am interested in writing the sections:
>> (new) 4.2.3 Identify application entry points
>> (new) 4.7.3 Testing for Cookies attributes
>> 4.5.3 Testing for Guessable (Dictionary) User Account
>> (toimp)4.4 Business Logic Testing
>> I also think that we should have a section after 4.6.3 for horizontal
>> privilege attacks.
>> 4.6.3 Testing for Privilege Escalation
>> -This section covers gaining access to priviliges above what was
>> allocated to you but not making transactions as another user with the
>> same privilege level. Or you could cover all of the above and just
>> make note with parenthesis next to 4.6.3 with (horizontal and
>> veritical escalation).
>> On Sun, May 25, 2008 at 8:09 AM, Matteo Meucci <matteo.meucci at gmail.com> wrote:
>>> Hi all,
>>> here is the updated index table:
>>> What do you think about that?
>>> There are a lot of new articles to write or to improve, so tell me if
>>> you are interested writing a particular section.
>>> We will write from the 1st June to the 30th June.
>>> Daniel, Eoin, what is your opinion?
>>> Matteo Meucci
>>> OWASP-Italy Chair, CISSP, CISA
>>> OWASP Testing Guide lead
>>> Owasp-testing mailing list
>>> Owasp-testing at lists.owasp.org
> Matteo Meucci
> OWASP-Italy Chair, CISSP, CISA
> OWASP Testing Guide lead
More information about the Owasp-testing