[OWASP-TESTING] Next stage

Alex Smolen alsmola at yahoo.com
Tue Jun 21 15:07:57 EDT 2005


I volunteer to do the web services portion of the
testing guide.

--- Daniel Cuthbert <daniel.cuthbert at owasp.org> wrote:

> Thanks Victor
> 
> SQL injection is an interesting one as the section
> is potentially huge
> Would you mind making sure that the following are
> covered if possible
> 
> - standard sql injection
> - stored procedure injection with sql 2000
> - blind sql injection
> - mysql/post gres injection
> - mitigating circumstances
> 
> 
> On 21 Jun 2005, at 12:50, Victor Chapela wrote:
> 
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hi Dan,
> >
> > I have attached my name to all the SQL Injection
> related sections. I
> > can add the most value in these sections given my
> personal research.
> > I could help with other parts if needed (like
> other kinds of
> > injection), let me know.
> >
> > Best regards,
> > Victor
> >
> >
> >> -----Original Message-----
> >> From: owasp-testing-admin at lists.sourceforge.net
> >>
> [mailto:owasp-testing-admin at lists.sourceforge.net]
> On Behalf
> >> Of Daniel Cuthbert
> >> Sent: Tuesday, June 21, 2005 4:05 AM
> >> To: owasp-testing at lists.sourceforge.net
> >> Subject: [OWASP-TESTING] Next stage
> >>
> >> Morning all,
> >>
> >> Sorry for the short break in the testing guide
> progress, the
> >> real world caught up with me.
> >> Attached are the documents needed for the next
> part of the
> >> guide, and they are:
> >>
> >> Testing Guide II Structure.doc
> >>
> >> This is the final TOC as we agreed and next to
> each section,
> >> there is the option to add your name and your
> e-mail
> >> address(i.e you will be writing this section)
> >>
> >> template1.htm
> >>
> >> If you could structure all your submissions using
> this
> >> template (you can use any format you like,
> word/text/xml, as
> >> long as i can read it on a mac!)
> >>
> >> Guidelines for creating sections:
> >>
> >> - DO NOT DO A STRAIGHT COPY FROM ANY OTHER
> SOURCES ON THE WEB!
> >> Plagiarism won't be accepted.
> >> This testing guide should reflect the experience
> you all have
> >> in application testing. One of the benefits of
> OWASP is that
> >> the wealth of experience from the contributors
> enables the
> >> reader to understand the section they are
> reading, as it is
> >> presented in a well structured format, which
> unlike a large
> >> amount of research papers on the web today, isn't
> normally the
> >> case.
> >>
> >> - Try and use examples where possible and also
> let other
> >> "non- security" individuals read what you have
> written. This
> >> ensures that it makes sense to everyone and not
> just the
> >> hardcore penetration testers out there.
> >>
> >> - I understand everyone has a life and work
> commitments, so
> >> please don't select loads of sections if you know
> you may not
> >> be able to commit to them in the end run.
> >>
> >> - Contact me if you have any issues during this
> next phase
> >>
> >>
> >> I think we should aim to have all the sections
> written by mid
> >> August, how does this sound for everyone?
> >>
> >> Obviously if you feel there is a section missing
> from the
> >> TOC, by all means contact me
> >>
> >> Look forward to seeing the work coming in
> >>
> >> Daniel Cuthbert
> >>
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 8.1
> >
> >
>
iQA/AwUBQrf/IL6TmquzxiX9EQIwGgCff2FwSkMwAHtkVa9FE3nIBvwAHz0AoPvf
> > i69Wf8656wb/YhxRCf9VExJd
> > =OKq+
> > -----END PGP SIGNATURE-----
> >
> >
> > <Testing_Guide_II_structure.doc>
> >
> 
> 
> 
>
-------------------------------------------------------
> SF.Net email is sponsored by: Discover Easy Linux
> Migration Strategies
> from IBM. Find simple to follow Roadmaps,
> straightforward articles,
> informative Webcasts and more! Get everything you
> need to get up to
> speed, fast.
>
http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
> _______________________________________________
> owasp-testing mailing list
> owasp-testing at lists.sourceforge.net
>
https://lists.sourceforge.net/lists/listinfo/owasp-testing
> 





More information about the Owasp-testing mailing list