[OWASP-TESTING] Sign up list and Template

Glyn glyng at moiler.com
Fri Oct 24 19:03:23 EDT 2003


I'll take a crack at session management then - lots written on
implementing but little on testing.

That encompasses a few other items on the list too, e.g.:
Session ID Predictability     
Token Expiry
Inactivity Timeout 
Activity Timeout
Expiration at Logoff

Sign me up - due date Monday 17th November?

-----Original Message-----
From: owasp-testing-admin at lists.sourceforge.net
[mailto:owasp-testing-admin at lists.sourceforge.net] On Behalf Of Mark
Curphey
Sent: 24 October 2003 20:53
To: 'Glyn'; owasp-testing at lists.sourceforge.net
Subject: RE: [OWASP-TESTING] Sign up list and Template


Thanks for the offer but at this stage we need the details content and
not the overview. Penny and I (and a few industry gurus I have recruited
(should have told you about that Penny;-() ) have that covered. 

How about some of the other topics? 


-----Original Message-----
From: Glyn [mailto:glyng at moiler.com] 
Sent: Friday, October 24, 2003 12:58 AM
To: 'Mark Curphey'; owasp-testing at lists.sourceforge.net

Hi guys,

I'm happy to flesh out a more detailed overview testing mehodology based
on the introduction document and the existing guide.

>From feedback to that I'm sure we can flesh out the list of topics
>(e.g.
session management, protocol analysis) that warrant their own chapters.

Glyn.

-----Original Message-----
From: owasp-testing-admin at lists.sourceforge.net
[mailto:owasp-testing-admin at lists.sourceforge.net] On Behalf Of Mark
Curphey
Sent: 23 October 2003 21:11
To: owasp-testing at lists.sourceforge.net
Subject: FW: [OWASP-TESTING] Sign up list and Template


web view cvs sometimes take a while to update. It is there now and you
are signed up sir ! Thanks.
 
I have also taken transport security. I have a pretty good technique
using OpenSSL to test SSL algorithms, available key lengths and
certificates validity and properties.


  _____  

From: Jim Markley [mailto:jimmarkley at dallasmeetingmanagement.com]
Sent: Wednesday, October 22, 2003 11:28 PM
To: Mark Curphey


Mark,
 
    I didn't see any files on sourceforge.net under the testing project,
though I may not have been in the correct place. If no one has signed up
for 'Parameter Manipulation', please mark me down for it.
 
Thanks,
Jim

	----- Original Message ----- 
	From: Mark Curphey <mailto:mark at curphey.com>  
	To: owasp-testing at lists.sourceforge.net 
	Sent: Wednesday, October 22, 2003 7:45 PM
	Subject: [OWASP-TESTING] Sign up list and Template

	OK folks, in the CVS under a module called testing are two
files. One is a
	sign-up list to write up how to test specific issues and the
other a very
	basic HTML template. 
	
	If you are interested in participating please let Penny Major or
myself know
	what you would like to write up and we will update the list.
First come
	first served. As always copyright will be FSF and released under
GPL. If you
	haven't signed up to write up anything by  Sunday we are going
to cull this
	list as it is for active participants and this project is now
officially
	active ;-) All write-ups should be complete within a month and
be no more
	than 2,500 words. Penny and I will then piece this together with
the into
	etc and create a first draft. Please ensure the how to test is
not just
	black box testing. If you aren't sure about code analysis or
other ways to
	test, mail the list and ask for help.
	
	If you can't or don't do CVS the files are attached.
	
	Lets go !
	
	
	
	





-------------------------------------------------------
This SF.net email is sponsored by: The SF.net Donation Program. Do you
like what SourceForge.net is doing for the Open Source Community?  Make
a contribution, and help us add new features and functionality. Click
here: http://sourceforge.net/donate/
_______________________________________________
owasp-testing mailing list
owasp-testing at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/owasp-testing





More information about the Owasp-testing mailing list