[OWASP-TESTING] Contribution to OWASP testing: Configuration Management (infrastructure and application)

Irene Abezgauz irene.abezgauz at gmail.com
Mon Aug 1 15:52:07 EDT 2005


Wasn't that the 15th?


Irene Abezgauz
Application Security Consultant
Hacktics Ltd.
Mobile: +972-54-6545405
Web: www.hacktics.com
 

-----Original Message-----
From: owasp-testing-admin at lists.sourceforge.net
[mailto:owasp-testing-admin at lists.sourceforge.net] On Behalf Of Javier
Fernandez-Sanguino
Sent: Monday, August 01, 2005 11:16 AM
To: 'Owasp-Testing List'
Subject: [OWASP-TESTING] Contribution to OWASP testing: Configuration
Management (infrastructure and application)

Hi everyone,

Attached is my contribution to the OWASP testing manual (as you all
know, today is the deadline for assigned contributions). I'm not all
too happy with it as, when writing it, I was not able to find really
good tests for each of the sections and the section is more biased
towards "review" (or audit) than "testing".

I will wait to see the other contributions to this part before I go
ahead and write a few of the mini-sections that remain from what I
asked to be assigned (File-system permissions, Process permissions,
and HTML and hidden form fields) since, again, the only way I can make
myself write about this is from an auditor's perspective.

Maybe by reading others' work and seeing how they tackle other similar
topics I might "see the light" on how I should cover these, and also
what kind of technical tests (not reviews) I should introduce.

Regards

Javier


PS: I didn't want this part to be a detailed configuration guide on
setting up or reviewing Apache or IIS configuration, as there is
already good content out there. If you believe it is too generic
please say so and I will try to reuse some (unpublished) I wrote on
that topic in the past.




-- 
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.338 / Virus Database: 267.9.7/60 - Release Date: 7/28/2005
 
  
