[OWASP-TESTING] Status update: 22 August

Javier Fernandez-Sanguino jfernandez at germinus.com
Mon Aug 29 06:06:12 EDT 2005


Daniel wrote:

> Hi all,
> 
> Just thought i would say a big thanks to all that have added their  
> sections to the finished pile, so far its looking great.
> I've attached the outline of who said they would do what, and also  
> what's been completed so far (if anything is missing, please let me  know)

I sent some sections a while back [1] but are not listed as completed. 
This includes the sections from "Configuration Management 
Infrastructure": "Known Web Server Vulnerabilities", "Web application 
architecture", "Access and visibility of administrative tools of web, 
application, etc servers.", "Authentication back-ends (LDAP, DBMS, 
text files)". I changed the title in my contribution so maybe that's 
why you did not see them, my fault.

As for the "Configuration Management Application" chapter, I've sent 
all the sections except for "Permissions", "HTML and hidden form 
fields" and "Process permissions". I wanted to review the writing 
style of the other submissions before doing this.

Excuse me if this was provided before, but, shouldn't we use a 
template for all these different sections? I'm seeing contributions 
that closely resemble the OWASP Guide and some others that don't 
follow the same style (like mine).

What's up with all the people that committed do some sections? (some 
others even said that they had almost finished them). It's almost one 
month after the deadline for a first draft and there's just too many 
sections incomplete.

People that contributed, listen up! Please keep up with your promises 
and provide those sections. This resembles too much what happened back 
in 2003 when only a few sections were written in a rather ambitious 
effort to write the testing guide from scratch.

In any case, Daniel, do you have a master document with all the 
current contributions included?

Regards


Javier

[1] Message-ID: <42EDE840.50603 at germinus.com>




More information about the Owasp-testing mailing list