[Owasp-testing] Updated Index draft
Dave van Stein
dvstein at gmail.com
Thu May 29 17:39:44 EDT 2008
Mat,
If Marco doesn't mind I don't either.
Marco, shall I peer-review your sections when you're done or do you have
sections which you want me to write ?
dave
2008/5/29 Matteo Meucci <matteo.meucci at gmail.com>:
> Hi Dave,
> thank you.
>
> Marco is writing these sections. May you cooperate with Marco?
>
> Thanks,
> Mat
>
> On Tue, May 27, 2008 at 6:14 PM, Dave van Stein <dvstein at gmail.com> wrote:
> > Mat,
> >
> > I will try to write something for chapter 2.4, 2.4.1 and 2.4.3, although
> I
> > might need some input in topics and subjects which need to be included
> ...
> > (call it stage fever ...)
> >
> > dave
> >
> > 2008/5/27 Matteo Meucci <matteo.meucci at gmail.com>:
> >>
> >> Hi Kevin,
> >> that's great!
> >> I've updated the index:
> >>
> https://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Contents
> >>
> >> I think that "4.6.3 Testing for Privilege Escalation" is sufficient to
> >> describe horizontal and vertical escalations, otherwise we will create
> >> too much articles :) Are you agree?
> >>
> >> Mat
> >>
> >> On Tue, May 27, 2008 at 4:28 PM, kevin horvath <kevin.horvath at gmail.com
> >
> >> wrote:
> >> > Hello Matt,
> >> >
> >> > I am interested in writing the sections:
> >> >
> >> > (new) 4.2.3 Identify application entry points
> >> > (new) 4.7.3 Testing for Cookies attributes
> >> > 4.5.3 Testing for Guessable (Dictionary) User Account
> >> > (toimp)4.4 Business Logic Testing
> >> >
> >> > I also think that we should have a section after 4.6.3 for horizontal
> >> > privilege attacks.
> >> > 4.6.3 Testing for Privilege Escalation
> >> > -This section covers gaining access to priviliges above what was
> >> > allocated to you but not making transactions as another user with the
> >> > same privilege level. Or you could cover all of the above and just
> >> > make note with parenthesis next to 4.6.3 with (horizontal and
> >> > veritical escalation).
> >> >
> >> >
> >> > Thanks
> >> > Kevin
> >> >
> >> > On Sun, May 25, 2008 at 8:09 AM, Matteo Meucci <
> matteo.meucci at gmail.com>
> >> > wrote:
> >> >> Hi all,
> >> >> here is the updated index table:
> >> >>
> >> >>
> https://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Contents
> >> >> https://www.owasp.org/index.php/OWASP_Testing_Project_v3_Roadmap
> >> >>
> >> >> What do you think about that?
> >> >> There are a lot of new articles to write or to improve, so tell me if
> >> >> you are interested writing a particular section.
> >> >> We will write from the 1st June to the 30th June.
> >> >> Daniel, Eoin, what is your opinion?
> >> >>
> >> >> Thanks,
> >> >> Mat
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Matteo Meucci
> >> >> OWASP-Italy Chair, CISSP, CISA
> >> >> http://www.owasp.org/index.php/Italy
> >> >> OWASP Testing Guide lead
> >> >> http://www.owasp.org/index.php/Testing_Guide
> >> >> _______________________________________________
> >> >> Owasp-testing mailing list
> >> >> Owasp-testing at lists.owasp.org
> >> >> https://lists.owasp.org/mailman/listinfo/owasp-testing
> >> >>
> >> >
> >>
> >>
> >>
> >> --
> >> Matteo Meucci
> >> OWASP-Italy Chair, CISSP, CISA
> >> http://www.owasp.org/index.php/Italy
> >> OWASP Testing Guide lead
> >> http://www.owasp.org/index.php/Testing_Guide
> >> _______________________________________________
> >> Owasp-testing mailing list
> >> Owasp-testing at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-testing
> >
> >
>
>
>
> --
> Matteo Meucci
> OWASP-Italy Chair, CISSP, CISA
> http://www.owasp.org/index.php/Italy
> OWASP Testing Guide lead
> http://www.owasp.org/index.php/Testing_Guide
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20080529/9dd4b1d4/attachment.html
More information about the Owasp-testing
mailing list