[Owasp-leaders] Invitation to Working Sessions: Common Vulnerability List & Testing Guide

Matteo Meucci matteo.meucci at owasp.org
Mon Jan 31 07:08:43 EST 2011


Hi leaders,

(1) I would like to invite you to the OWASP Common Vulnerability list
working session at the OWASP Summit.
Your presence here it's really important because this project is the
basis for the new Development, Code Review and Testing Guides.

INTRO:  there are many OWASP projects like OWASP Testing Guide, OWASP
Code Review Guide, OWASP Developers Guide, etc which discuss on how to
look for and remediate various vulnerabilities in a web application. For
e.g., people using OWASP Testing Guide to test for vulnerabilities in
their application can go through a list of vulnerabilities and test for
it but there is no easy way for them to cross reference to dev guide to
jump to a specific section and be able to access the relevant
information quickly. These vulnerabilities are discussed as individual
list in all the guides and there is no easy way to cross-reference all
of them.

GOAL: OWASP Common Vulnerability List will be a lightweight list, which
will contain only the vulnerability ID, category, vulnerability name and
a brief description. The main objective of this list is to provide a
common platform for other guides and tools to provide a link to each other.

DETAILS: Please, sign your name  here:
http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session201

(2) Then, I would like to invite you to the OWASP Testing Guide working
session at the OWASP Summit.

INTRO: OWASP Testing v3 is widely adopted by the Companies worldwide.
The core of the project is the methodology and the list of vulnerability
to test.
http://www.owasp.org/index.php/Testing_Checklist
Now we need to:
-  update the vulnerability list to test (from the OWASP Common
Vulnerabiltity list), adding new testing techniques, for ex.: HTTP Verb
tampering, HTTP Parameter Pollutions, etc.,
- Create a more readable guide, eliminating some sections that are not
really useful,
- Rationalize some sections such as Session Management Testing,
- Debate if create a new section: Client side security and Firefox
extensions testing
- other?

GOAL: Set-up the new core of the v4 and build it.

DETAILS:
http://www.owasp.org/index.php/Summit_2011_Working_Sessions/Session052

Thanks!
Mat


More information about the OWASP-Leaders mailing list