[Owasp-testing] Updated Index draft

kevin horvath kevin.horvath at gmail.com
Tue May 27 21:28:48 EDT 2008


very cool.  ;-)

On Tue, May 27, 2008 at 9:16 PM, Cecil Su (GTEC Labs)
<cecil.su at gtec.org.sg> wrote:
> That's the initial/original plan!
>
> :)
>
>> I have no issue with that as long as it's mentioned in the section.  Thanks.
>>
>> On Tue, May 27, 2008 at 11:20 AM, Matteo Meucci <matteo.meucci at gmail.com>
>> wrote:
>>> Hi Kevin,
>>> that's great!
>>> I've updated the index:
>>> https://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Contents
>>>
>>> I think that "4.6.3 Testing for Privilege Escalation" is sufficient to
>>> describe horizontal and vertical escalations, otherwise we will create
>>> too many articles :) Do you agree?
>>>
>>> Mat
>>>
>>> On Tue, May 27, 2008 at 4:28 PM, kevin horvath <kevin.horvath at gmail.com>
>>> wrote:
>>>> Hello Matt,
>>>>
>>>> I am interested in writing the sections:
>>>>
>>>> (new) 4.2.3 Identify application entry points
>>>> (new) 4.7.3 Testing for Cookies attributes
>>>> 4.5.3 Testing for Guessable (Dictionary) User Account
>>>> (toimp)4.4 Business Logic Testing
>>>>
>>>> I also think that we should have a section after 4.6.3 for horizontal
>>>> privilege attacks.
>>>> 4.6.3 Testing for Privilege Escalation
>>>> -This section covers gaining access to privileges above what was
>>>> allocated to you but not making transactions as another user with the
>>>> same privilege level.  Or you could cover all of the above and just
>>>> make note with parentheses next to 4.6.3 with (horizontal and
>>>> vertical escalation).
>>>>
>>>>
>>>> Thanks
>>>> Kevin
>>>>
>>>> On Sun, May 25, 2008 at 8:09 AM, Matteo Meucci
>>>> <matteo.meucci at gmail.com> wrote:
>>>>> Hi all,
>>>>> here is the updated index table:
>>>>> https://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Contents
>>>>> https://www.owasp.org/index.php/OWASP_Testing_Project_v3_Roadmap
>>>>>
>>>>> What do you think about that?
>>>>> There are a lot of new articles to write or to improve, so tell me if
>>>>> you are interested writing a particular section.
>>>>> We will write from the 1st June to the 30th June.
>>>>> Daniel, Eoin, what is your opinion?
>>>>>
>>>>> Thanks,
>>>>> Mat
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Matteo Meucci
>>>>> OWASP-Italy Chair, CISSP, CISA
>>>>> http://www.owasp.org/index.php/Italy
>>>>> OWASP Testing Guide lead
>>>>> http://www.owasp.org/index.php/Testing_Guide
>>>>> _______________________________________________
>>>>> Owasp-testing mailing list
>>>>> Owasp-testing at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>>>>
>>>>
>>>

