[Owasp-board] REQUEST FOR COMMENTS/RE: OWASP Testing Guide: start a new project

Jeff Williams jeff.williams at owasp.org
Mon Jun 21 19:48:51 UTC 2010

Yes - absolutely. This is one of OWASP's banner projects and Matteo has done
a masterful job of it.  Keeping this up to date is critical.




Jeff Williams, Chair

The OWASP Foundation

work: 410-707-1487

main: 301-604-4882


From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Paulo Coimbra
Sent: Monday, June 21, 2010 10:42 AM
To: 'Global Projects Committee'; 'OWASP Foundation Board List'
Cc: 'Matteo Meucci'
Subject: [Owasp-board] REQUEST FOR COMMENTS/RE: OWASP Testing Guide: start a
new project


Board, GPC,


Could you please respond to my email below? Do you have any feedback regarding
Matteo's proposal to create a fourth version of the Testing Guide? Can he
start the work to produce the new edition? Do you agree with my proposal to
budget this Guide's improvement?




Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager


From: Paulo Coimbra [mailto:paulo.coimbra at owasp.org] 
Sent: Thursday, June 17, 2010 16:40
To: 'Global Projects Committee'
Cc: 'Matteo Meucci'
Subject: RE: OWASP Testing Guide: start a new project


Board, Committee,


As you can see below, Matteo Meucci is willing to create the fourth version
of the Testing Guide and has kindly sent us his idea for approval/feedback.


As we haven't opened the new season of code still, I propose we make
available a budget to support expenses with language review, pagination
(graphical arrangement of pages) and marketing.


Please let us know your thoughts.




Paulo Coimbra,

 <https://www.owasp.org/index.php/Main_Page> OWASP Project Manager


From: Matteo Meucci [mailto:matteo.meucci at owasp.org] 
Sent: Monday, May 24, 2010 11:37
To: Paulo Coimbra
Subject: OWASP Testing Guide: start a new project


Hi Paulo,

here is my idea for the new Testing Guide.


(0) Project Name: OWASP Testing Guide (v4?)


(1) Project purpose / overview

- Review all the control numbers to adhere to the OWASP Common
numbering: http://www.owasp.org/index.php/Common_OWASP_Numbering

- Review all the sections in v3

- Create a more readable guide, eliminating some sections that are not
really useful

- Insert new testing techniques: HTTP Verb tampering, HTTP Parameter
Pollutions, etc.

- Rationalize some sections as Session Management Testing

- Create a new section: Client side security and firefox extensions testing


(2) Project Roadmap (as mentioned above)

- Introduce the new project to the testing Guide mailing list

- Involve the contributors: we need to involve also the final users of the
Testing Guide (for example Banking to understand how they would like to
improve that).

- 1st June 2010: Start a brainstorming for the new index starting from (1)

- 1st July 2010: Create the new index and the new team

- 15th July 2010: Starting writing articles

- 15th September 2010: Starting the first review phase

- 15th October 2010: Starting writing articles II phase

- 15th November 2010: Starting the second review phase

- 15th December 2010: Create the RC1

- 15th January 2011: Release the version 4


(3) Project links (if any) to external sites,

- no


(4) Project License


Creative Commons Attribution Share Alike 3.0 as usual :)


(5) Project Leader name,

Matteo Meucci


(6) Project Leader email address

matteo.meucci at owasp.org


(7) Project Leader wiki account - the username (you'll need this to edit the
wiki) Mmeucci


(8) Project Maintainer (if any)  - name, email and wiki account (if any)
Matteo Meucci


(9) Project Contributor(s) (if any) - name email and wiki account (if any) A
short list of contributors that would like to improve the guide:

- Roberto Suggi Liverani

- Nick Freeman

- Stefano Di Paola

- Marco Morana

- Giorgio Fedon

- Kevin Horvath



