[OWASP-TESTING] Next stage

Javier Fernandez-Sanguino jfernandez at germinus.com
Thu Jun 23 07:20:00 EDT 2005


Daniel Cuthbert wrote:

> This is the final TOC as we agreed and next to each section, there is  
> the option to add your name and your e-mail address(i.e you will be  
> writing this section)

Ok. Count me in for the:

- Methodologies -> Penetration Testing
- Configuration Management Infraestructure
- Configuration Management Application

I could possibly contribute to some other sections but I'd rather 
peer-review them than write them myself :-)

We should be reusing some of the content we developed when we wanted 
to tackle the testing guide first. We already developed content 
related to testing of:

- Authentication
- Cross Site Scripting
- Default files
- Directory Traversal
- OS Command Injection
- Backup and Unreference files

For those who were not present at the time (that was November 2003) 
all of those are available at 
http://cvs.sourceforge.net/viewcvs.py/owasp/testing/
Please reuse them, if possible.

I've taken some time to put together all of the current section 
volunters (myself included). Attached is the latest document version.
Handling this through e-mail is a little bit messy,  wouldn't it be 
best to handle this through some kind of wiki or CVS we could all 
write to?

In any case, Daniel, I think we should setup a timeline with 
appropiate deadlines. How about this one:

--------------------------------------------------------
August 1st - first version of the volunteered sections
[ peer review of sections, detection of who is not active, decission 
to offer up sections to others if people are overloaded, etc ]

August 15th - final version of the sections
[ peer review of sections, editorial changes ]

August 29th - first document draft (all sections put together)

[ peer review of the document]

September 5th - final release of section 2
---------------------------------------------------------------

Does it sound reasonable?

Regards

Javier
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Testing_Guide_II_structure-jfs.doc
Type: application/msword
Size: 62464 bytes
Desc: not available
Url : http://lists.owasp.org/pipermail/owasp-testing/attachments/20050623/0076ca70/attachment.doc 


More information about the Owasp-testing mailing list