[OWASP-TESTING] pentest cheat sheet

Daniel Daniel at deeper.co.za
Wed Jul 14 05:00:09 EDT 2004

This is one of my biggest concerns.
Since I've been on this guide for a long time now, I've seen the sections go
out for everyone to write and only a handful of people actually deliver
their section back complete.

Seriously, I understand that everyone has jobs/lives/wives/husbands/cars/
etc., but if you feel you don't have the time to donate, please let me know!

> Lluis Mora wrote:
>> Hi all,
>> I like the idea but what about having that as part of the 2nd phase
>> contents? At the end of each section a "things to test" subsection -
>> like this it can be easily related to the in-depth discussion of the
>> vulnerability that (I assume) will be part of that section and can be
>> more easily maintained than a separate document.
> That's a good idea. Actually, that's what we started writing for the
> testing guide last year. All the info is currently sitting (unused) in
> the CVS, it's also far from complete:
> http://cvs.sourceforge.net/viewcvs.py/owasp/testing/
>> I think a way forward (even before we have the definitive list of
>> sections) could be to write up one of the sections, so that we agree
>> on the content of the section. What about something along the lines of:
> The outline looks great to me. My only concern is that the last time
> we tried this we did not cover all the vulnerabilities we wanted to
> (not everyone did their homework). So maybe it's better to do first a
> generic overview of the common vulnerabilities in section 6 and then
> provide examples for specific vulnerabilities (i.e. those we can write
> down stuff for following your outline). So the section might say
> "Below you will find some examples of vulnerabilities and how they
> should be tested as well as their known caveats"
> IF we are able to cover all the vulnerabilities as defined in the
> Pentest checklist then we can scratch the reference to those sections
> being examples and substitute that with a "Below you will find a list
> of all known common vulnerabilities and how tests should be conducted
> to detect them as well as known caveats"
> Regards
> Javier
