[Owasp-board] REQUEST FOR DECISION/RE: OWASP Testing Guide v3: published!

Paulo Coimbra paulo.coimbra at owasp.org
Thu Dec 18 13:30:06 UTC 2008


Hello Tom and Sebastien,

 

As you know the Testing Guide was already launched. As you also know, to
conclude our assessment
<https://www.owasp.org/index.php/Category:OWASP_Project_Assessment#Assessmen
t_Scale_for_OWASP_DOCUMENTATION_Projects>  process, the project must be
reviewed
<https://www.owasp.org/index.php/OWASP_Testing_Guide_3.0_-_Assessment_Frame>
by an OWASP Board member. As I said below, please be aware that, likely by
mistake, both of you are being referred as reviewers. Please check here
<https://www.owasp.org/index.php/Category:OWASP_Testing_Project>  and here
<https://www.owasp.org/index.php/OWASP_Summer_of_Code_2008_Projects_Authors_
Status_Target_and_Reviewers> . 

 

In this context, would one of you care to inform me how will it be, please?

 

Thank you, regards,

 

Paulo Coimbra,

OWASP Project Manager

 

 

> >-----Original Message-----

> >From: Matteo Meucci [mailto:matteo.meucci at owasp.org]

> >Sent: terça-feira, 16 de Dezembro de 2008 19:09

> >To: paulo.coimbra at owasp.org

> >Cc: Jeff Williams; Dave Wichers; dinis cruz; Sebastien Deleersnyder;

> >Tom Brennan; Laurence Casey; namn at bluemoon.com.vn; KFuller at dmv.ca.gov

> >Subject: Re: OWASP Testing Guide v3: published!

> >

> >Hi Paulo,

> >thanks!

> >I answer you inline.

> >

> >On Tue, Dec 16, 2008 at 7:44 PM, Paulo Coimbra

> ><paulo.coimbra at owasp.org> wrote:

> >> Hi Matteo,

> >>

> >>

> >>

> >> Hope you are well.

> >>

> >>

> >>

> >> Please accept my felicitations on having finished the OWASP Testing

> >Guide's

> >> third version and thank you for continually supporting the OWASP

> >Foundation.

> >>

> >>

> >>

> >> I've taken the liberty and already uploaded the pdf to the project's

> >frame.

> >>

> >>

> >>

> >> I also did the following:

> >>

> >> - Added a square to mentioning the project's chosen licence and

> >included the

> >> same one as you have pointed out in the pdf,

> >>

> >> - Replaced emails addresses by wiki's users identification (with the

> >> exception of Kevin which wiki username I couldn't find),

> >>

> >>

> >>

> >> Hope you are ok with these little changes otherwise I will undo

> >them.

> >>

> >

> >Perfect.

> >

> >>

> >> Also, as far as I can understand from my reading of our assessment

> >criteria,

> >> to keep this project doing its way up the ladder, the following

> >course of

> >> action should be taken:

> >>

> >>

> >>

> >> - Finish up the second part of the final self-review - Matteo

> >Meucci,

> >

> >Done it.

> >

> >> - Perform the OWASP Board Member final review - Tom Brennan or

> >Sebastien

> >> Deleersnyder (please check the contradiction as the former is

> >mentioned here

> >> and the latter here)

> >>

> >> - Create and upload a conference style Powerpoint presentation that

> >> describes the use and status of the project - Matteo Meucci,

> >

> >Is that ok?

> >http://www.owasp.org/images/2/2c/OWASP_EU_Summit_2008_OWASP_Testing_Gu

> >ide_v3.ppt

> >

> >

> >> - Convert the Testing Guide to an OWASP Book available for download

> >or

> >> purchase at the OWASP Lulu bookstore – Paulo or Dinis and Larry.

> >>

> >>

> >>

> >> As to create the Owasp lulu book a Word file is needed, could you

> >please

> >> send it off to me, please?

> >>

> >>

> >>

> >> Regarding the text that you have written to send to the OWASP-all

> >mailing

> >> list, I just want to alert you to the little mistake about our last

> >Season

> >> of Code name. It is OWASP Summer of Code 2008, not Autumn. J

> >>

> >>

> >>

> >> Many thanks, Matteo, best regards,

> >>

> >>

> >>

> >> Paulo Coimbra,

> >>

> >> OWASP Project Manager

> >>

> >>

> >>> >-----Original Message-----

> >>

> >>> >From: Tom Brennan [mailto:tomb at owasp.org]

> >>

> >>> >Sent: terça-feira, 16 de Dezembro de 2008 14:57

> >>

> >>> >To: Matteo Meucci

> >>

> >>> >Cc: Jeff Williams; Dave Wichers; dinis cruz; Paulo Coimbra;

> >Sebastien

> >>

> >>> >Deleersnyder

> >>

> >>> >Subject: Re: OWASP Testing Guide v3: published!

> >>

> >>> >

> >>

> >>> >Sounds good.

> >>

> >>> >

> >>

> >>> >We can do a announcement to OWASP-ALL this week as a "OWASP XMas

> >Gift"

> >>

> >>> >for the holiday reading season ( Dinis, if you can get it added to

> >>

> >>> >lulu - can we can push buy the new book now)

> >>

> >>> >

> >>

> >>> >On Tue, Dec 16, 2008 at 9:26 AM, Matteo Meucci

> >>

> >>> ><matteo.meucci at owasp.org> wrote:

> >>

> >>> >> Hi board,

> >>

> >>> >> the OWASP Testing guide is finished, thanks to Kirsten and Dave

> >>

> >>> >final review.

> >>

> >>> >> If you agree I can upload the attached PDF and I can post the

> >>

> >>> >> following on the appsec mailing list:

> >>

> >>> >>

> >>

> >>> >>

> >>

> >>> >> ANNOUNCING THE NEW "OWASP TESTING GUIDE v3

> >>

> >>> >>

> >>

> >>> >> OWASP is announcing the new OWASP Testing Guide v3. The project

> >as

> >>

> >>> >> part of the OWASP Autumn of Code, started on April 2008

> >reviewing

> >>

> >>> >the

> >>

> >>> >> version 2, improving it.

> >>

> >>> >> OWASP Testing Guide v3 is a 349 page book; we have split the set

> >of

> >>

> >>> >> active tests in 9 sub-categories for a total of 66 controls to

> >test

> >>

> >>> >> during the Web Application Testing activity.

> >>

> >>> >> Each control has an OWASP name, so for example a SQL Injection

> >is

> >>

> >>> >> called: OWASP-DV-005, meaning that it is the 5th control of the

> >Data

> >>

> >>> >> Validarion category.

> >>

> >>> >> We got a dream team of 21 authors and 4 reviewers: after 6

> >months of

> >>

> >>> >> hard work and great team work we realized the v3.

> >>

> >>> >>

> >>

> >>> >> We'd like to ask you to support OWASP to reach the following

> >goals:

> >>

> >>> >>

> >>

> >>> >> *** Continuously improve the guide.

> >>

> >>> >> The Guide is a "live" document: we always need your feedback!

> >>

> >>> >> Please join our testing mailing list and share your ideas:

> >>

> >>> >> http://lists.owasp.org/mailman/listinfo/owasp-testing

> >>

> >>> >>

> >>

> >>> >> *** Promote the Testing Guide.

> >>

> >>> >> We would like to have some more media coverage on the guide, so

> >>

> >>> >> please, if you know somebody in there put them in touch.

> >>

> >>> >> If you have the chance, you can write an article about the

> >Testing

> >>

> >>> >> Guide and the new OWASP Projects.

> >>

> >>> >> Also you can pick up the OWASP Testing Guide presentations and

> >talk

> >>

> >>> >> about it in local conferences and Chapter meetings.

> >>

> >>> >>

> >>

> >>>

> >>https://www.owasp.org/images/2/2c/OWASP_EU_Summit_2008_OWASP_Testing_

> >G

> >>

> >>> >uide_v3.ppt

> >>

> >>> >>

> >>

> >>> >> *** Add 'quotes' to the Guide.

> >>

> >>> >> We made a special 'quotes' pages for the Testing Guide.

> >>

> >>> >> Here we'd want to add all the comments and references to the

> >Guide.

> >>

> >>> >> http://www.owasp.org/index.php/OWASP_Testing_Guide_Quotes

> >>

> >>> >>

> >>

> >>> >> The OWASP Testing Guide includes a "best practice" penetration

> >>

> >>> >testing

> >>

> >>> >> framework which users can implement in their own organizations

> >and a

> >>

> >>> >> "low level" penetration testing guide that describes techniques

> >for

> >>

> >>> >> testing most common web application and web service security

> >issues.

> >>

> >>> >>

> >>

> >>> >> Download the Guide Now:

> >>

> >>> >> - http://www.owasp.org/index.php/OWASP_Testing_Project

> >>

> >>> >> - http://www.owasp.org/index.php/OWASP_Testing_Guide_v3.pdf

> >>

> >>> >>

> >>

> >>> >> View the Presentation at the OWASP Summit 08:

> >>

> >>> >> - http://www.owasp.org/index.php/OWASP_EU_Summit_2008_OWASP

> >Testing

> >>

> >>> >Guide v3.ppt

> >>

> >>> >>

> >>

> >>> >> Join the Project Mailing List:

> >>

> >>> >> - http://lists.owasp.org/mailman/listinfo/owasp-testing

> >>

> >>> >>

> >>

> >>> >> Thanks,

> >>

> >>> >> Mat

> >>

> >>> >>

> >>

> >>> >

> >>

> >>> >

> >>

> >>> >

> >>

> >>> >--

> >>

> >>> >Tom Brennan

> >>

> >>> >Board Member

> >>

> >>> >OWASP Foundation

> >>

> >>> >Tel: 973-795-1046 x112

> >>

> >>> >Url: www.owasp.org

> >

> >

> >

> >--

> >Matteo Meucci

> >OWASP-Italy Chair, CISSP, CISA

> >http://www.owasp.org/index.php/Italy

> >OWASP Testing Guide lead

> >http://www.owasp.org/index.php/Testing_Guide

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20081218/c074a116/attachment-0002.html>


More information about the Owasp-board mailing list