[OWASP-TESTING] Next stage

Daniel Cuthbert daniel.cuthbert at owasp.org
Tue Jun 21 09:44:38 EDT 2005


Thanks Victor

SQL injection is an interesting one as the section is potentially huge.
Would you mind making sure that the following are covered if possible?

- standard SQL injection
- stored procedure injection with SQL 2000
- blind SQL injection
- MySQL/Postgres injection
- mitigating circumstances


On 21 Jun 2005, at 12:50, Victor Chapela wrote:

>
> Hi Dan,
>
> I have attached my name to all the SQL Injection related sections. I
> can add the most value in these sections given my personal research.
> I could help with other parts if needed (like other kinds of
> injection), let me know.
>
> Best regards,
> Victor
>
>
>> -----Original Message-----
>> From: owasp-testing-admin at lists.sourceforge.net
>> [mailto:owasp-testing-admin at lists.sourceforge.net] On Behalf
>> Of Daniel Cuthbert
>> Sent: Tuesday, June 21, 2005 4:05 AM
>> To: owasp-testing at lists.sourceforge.net
>> Subject: [OWASP-TESTING] Next stage
>>
>> Morning all,
>>
>> Sorry for the short break in the testing guide progress, the
>> real world caught up with me.
>> Attached are the documents needed for the next part of the
>> guide, and they are:
>>
>> Testing Guide II Structure.doc
>>
>> This is the final TOC as we agreed and next to each section,
>> there is the option to add your name and your e-mail
>> address (i.e. you will be writing this section).
>>
>> template1.htm
>>
>> If you could structure all your submissions using this
>> template (you can use any format you like, word/text/xml, as
>> long as I can read it on a Mac!)
>>
>> Guidelines for creating sections:
>>
>> - DO NOT DO A STRAIGHT COPY FROM ANY OTHER SOURCES ON THE WEB!
>> Plagiarism won't be accepted.
>> This testing guide should reflect the experience you all have
>> in application testing. One of the benefits of OWASP is that
>> the wealth of experience from the contributors enables the
>> reader to understand the section they are reading, as it is
>> presented in a well structured format, which unlike a large
>> amount of research papers on the web today, isn't normally the
>> case.
>>
>> - Try and use examples where possible and also let other
>> "non-security" individuals read what you have written. This
>> ensures that it makes sense to everyone and not just the
>> hardcore penetration testers out there.
>>
>> - I understand everyone has a life and work commitments, so
>> please don't select loads of sections if you know you may not
>> be able to commit to them in the end run.
>>
>> - Contact me if you have any issues during this next phase
>>
>>
>> I think we should aim to have all the sections written by mid
>> August, how does this sound for everyone?
>>
>> Obviously if you feel there is a section missing from the
>> TOC, by all means contact me
>>
>> Look forward to seeing the work coming in
>>
>> Daniel Cuthbert
>>
>
>
> <Testing_Guide_II_structure.doc>
>




