[OWASP-TESTING] Next stage
daniel.cuthbert at owasp.org
Tue Jun 21 09:44:38 EDT 2005
SQL injection is an interesting one as the section is potentially huge
Would you mind making sure that the following are covered if possible
- standard sql injection
- stored procedure injection with sql 2000
- blind sql injection
- mysql/post gres injection
- mitigating circumstances
On 21 Jun 2005, at 12:50, Victor Chapela wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Hi Dan,
> I have attached my name to all the SQL Injection related sections. I
> can add the most value in these sections given my personal research.
> I could help with other parts if needed (like other kinds of
> injection), let me know.
> Best regards,
>> -----Original Message-----
>> From: owasp-testing-admin at lists.sourceforge.net
>> [mailto:owasp-testing-admin at lists.sourceforge.net] On Behalf
>> Of Daniel Cuthbert
>> Sent: Tuesday, June 21, 2005 4:05 AM
>> To: owasp-testing at lists.sourceforge.net
>> Subject: [OWASP-TESTING] Next stage
>> Morning all,
>> Sorry for the short break in the testing guide progress, the
>> real world caught up with me.
>> Attached are the documents needed for the next part of the
>> guide, and they are:
>> Testing Guide II Structure.doc
>> This is the final TOC as we agreed and next to each section,
>> there is the option to add your name and your e-mail
>> address(i.e you will be writing this section)
>> If you could structure all your submissions using this
>> template (you can use any format you like, word/text/xml, as
>> long as i can read it on a mac!)
>> Guidelines for creating sections:
>> - DO NOT DO A STRAIGHT COPY FROM ANY OTHER SOURCES ON THE WEB!
>> Plagiarism won't be accepted.
>> This testing guide should reflect the experience you all have
>> in application testing. One of the benefits of OWASP is that
>> the wealth of experience from the contributors enables the
>> reader to understand the section they are reading, as it is
>> presented in a well structured format, which unlike a large
>> amount of research papers on the web today, isn't normally the
>> - Try and use examples where possible and also let other
>> "non- security" individuals read what you have written. This
>> ensures that it makes sense to everyone and not just the
>> hardcore penetration testers out there.
>> - I understand everyone has a life and work commitments, so
>> please don't select loads of sections if you know you may not
>> be able to commit to them in the end run.
>> - Contact me if you have any issues during this next phase
>> I think we should aim to have all the sections written by mid
>> August, how does this sound for everyone?
>> Obviously if you feel there is a section missing from the
>> TOC, by all means contact me
>> Look forward to seeing the work coming in
>> Daniel Cuthbert
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.1
> -----END PGP SIGNATURE-----
More information about the Owasp-testing