[Owasp-board] Fwd: The OWASP Testing Guide v2 released!

Andrew van der Stock vanderaj at owasp.org
Mon Feb 12 01:13:11 UTC 2007


It missed a critical review issue: it does not have an authZ section. This
was Jeff's and my feedback (see
http://www.owasp.org/index.php/Talk:OWASP_Testing_Guide_v2_Table_of_Contents
- a comment I made a month ago). I am surprised and disappointed it has been
launched without one. Like you, I've been focussed on other things
(primarily the T10), so mea culpa for not carefully reviewing it, but still
- Jeff and I made it clear in e-mail (and in my case, the wiki as well) to
the project it was missing a major section, and that wasn't fixed.

However, as part of editing the book, we will be assigned a technical
editor. Let's get the Guide out there, and get some feedback. We need Matteo
to really shepherd each chapter through the process, and as part of that
process, we should:

Ensure that the Testing Guide AuthZ content makes it to its own chapter
* this means less content in business logic testing

Ensure that the Testing Guide, Code Review and Building Guide all have the
same headings (as per the SFA template)
* This means more Testing Guide content

But it's worthwhile to get onto NSP and say O'Reilly (who own NSP) and see
if they can improve on NSP's contract. If not, we go with NSP. A core issue
is that the material MUST be available on the Wiki in various formats, not
just dead tree. Otherwise, no deal. NSP are okay with this.

Andrew

On 2/11/07 5:09 PM, "Dinis Cruz" <dinis at ddplus.net> wrote:

> OK, now that the guide is published we should upgrade its status in
> http://www.owasp.org/index.php/Category:OWASP_Project right?
> 
> Hard question: Is this version of the quite good enough to be made into a
> book? I am really at fault here since I couldn't find the time to properly
> review it, so I don't know (in depth) how good the whole guide is?
> 
> Jeff, Dave and Andrew, what are your feelings on the guide?
> 
> Dinis
> 
> ---------- Forwarded message ----------
> From: Matteo Meucci <matteo.meucci at gmail.com>
> Date: Feb 10, 2007 8:34 PM
> Subject: The OWASP Testing Guide v2 released!
> To: owasp-testing at lists.owasp.org, dinis.cruz at owasp.net, Andrew van der Stock
> <vanderaj at owasp.org>, Jeff Williams <jeff.williams at owasp.org>
> 
> Hi all, 
> thanks for your great feedback!
> I've published the v2 of our Testing Guide in doc format.
> You can find it here:
> http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_v2_doc.zip
> 
> We have received a lot of great comments: more than 20 articles have
> been reviewed.
> 
> Dinis, I've updated the main page of the project:
> http://www.owasp.org/index.php/Category:OWASP_Testing_Project
> is that ok for you?
> 
> Thanks,
> Mat
> 
> --
> Matteo Meucci
> OWASP-Italy Chair, CISSP, CISA
> http://www.owasp.org/index.php/Italy
> OWASP Testing Guide lead
> http://www.owasp.org/index.php/Testing_Guide
> 

