[OWASP-TESTING] Part 1 Update and Session Token Testing Request

Mark Curphey mark.curphey at foundstone.com
Wed Jul 28 21:53:47 EDT 2004


Can someone please send me the great work (I forget who did it) on black box testing session management / session tokens? I would like to add it as an Appendix to Part 1 of an example of what will be coming in Part 2.

I spent time today reworking the main chapters about techniques (manual inspections, code review, threat modeling and pen testing). This was because when we read through it as a whole document after the tech editor had his wicked way, some sections were just far to detailed for this document. They will all be able to be re-purposed for Part 2 so its certainly not lost work.

Larry and I will be updating Chapter 2 and the final Framework Chapter tomorrow and we hope to then have a final draft for you all to review by the end of the week.

Finally we maybe able to release this next week! Yippee.

Cheers,


Mark

PS What is the status of Part 2? Who is working on what? Is there a "table of contents"?




More information about the Owasp-testing mailing list