[OWASP-TESTING] Next stage

Daniel Cuthbert daniel.cuthbert at owasp.org
Thu Jun 23 08:20:35 EDT 2005


Yes please. Remember, the difference between the OWASP docs and the
other books/resources out there is that we actually explain the
issue in a better way. I would love for everyone to use screenshots,
data flow diagrams (DFDs), etc.

If the point can be made using these, by all means use them.


On 23 Jun 2005, at 12:17, Syed Mohamed A wrote:


> Apologies if I'm not in sync. I remember us discussing keeping reporting in
> Phase III. Should we have analyzing results, reporting etc. in Phase II? If
> so, may I assist Daniel in false positive removal, validating results and
> reporting along with Daniel?
>
> Also I would like to contribute on the following
>
> Google Hacking
> Path traversal
> URL parameters
> HTTP header manipulation
>
> Also willing to assist irene.abezgauz at gmail.com on the authentication
> section.
>
> DANIEL:
> Do we need any flow charts kinda stuff (like we did in the PENTEST document)
> anywhere in our document? I will be happy to assist.
>
> Regards
> Syed Mohamed A
>
> -----Original Message-----
> From: owasp-testing-admin at lists.sourceforge.net
> [mailto:owasp-testing-admin at lists.sourceforge.net]On Behalf Of Daniel Cuthbert
> Sent: Thursday, June 23, 2005 3:39 PM
> To: Sebastien Deleersnyder
> Cc: owasp-testing at lists.sourceforge.net
> Subject: Re: [OWASP-TESTING] Next stage
>
>
> I am also working on a fairly big section of reporting and after
> effects of the security test, so would appreciate the help!
>
>
> On 23 Jun 2005, at 09:34, Sebastien Deleersnyder wrote:
>
>
>
>> Hi,
>>
>> I would like to:
>> 1) put in a section on reporting results (after Analyzing results?)
>> 2) help with the overall review
>>
>> I do not agree with the free-loader remark: one of the reasons I
>> subscribed to this list is to stay current on progress and report this
>> in the Belgium Chapter meetings (being the Chapter leader).
>>
>> Regards,
>>
>> Seba
>>
>>
>> -----Original Message-----
>> From: owasp-testing-admin at lists.sourceforge.net
>> [mailto:owasp-testing-admin at lists.sourceforge.net] On Behalf Of Daniel Cuthbert
>> Sent: dinsdag 21 juni 2005 11:05
>> To: owasp-testing at lists.sourceforge.net
>> Subject: [OWASP-TESTING] Next stage
>>
>> Morning all,
>>
>> Sorry for the short break in the testing guide progress, the real world
>> caught up with me.
>> Attached are the documents needed for the next part of the guide, and
>> they are:
>>
>> Testing Guide II Structure.doc
>>
>> This is the final TOC as we agreed, and next to each section there is
>> the option to add your name and your e-mail address (i.e. you will be
>> writing this section).
>>
>> template1.htm
>>
>> If you could structure all your submissions using this template (you can
>> use any format you like, word/text/xml, as long as I can read it on a
>> mac!)
>>
>> Guidelines for creating sections:
>>
>> - DO NOT DO A STRAIGHT COPY FROM ANY OTHER SOURCES ON THE WEB!
>> Plagiarism won't be accepted.
>> This testing guide should reflect the experience you all have in
>> application testing. One of the benefits of OWASP is that the wealth of
>> experience from the contributors enables the reader to understand the
>> section they are reading, as it is presented in a well structured
>> format, which unlike a large amount of research papers on the web today,
>> isn't normally the case.
>>
>> - Try and use examples where possible and also let other "non-security"
>> individuals read what you have written. This ensures that it makes sense
>> to everyone and not just the hardcore penetration testers out there.
>>
>> - I understand everyone has a life and work commitments, so please don't
>> select loads of sections if you know you may not be able to commit to
>> them in the end run.
>>
>> - Contact me if you have any issues during this next phase
>>
>>
>> I think we should aim to have all the sections written by mid August,
>> how does this sound for everyone?
>>
>> Obviously if you feel there is a section missing from the TOC, by all
>> means contact me
>>
>> Look forward to seeing the work coming in
>>
>> Daniel Cuthbert
>>
>>
>> _______________________________________________
>> owasp-testing mailing list
>> owasp-testing at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/owasp-testing
>>
>>
>>
>>
>
>
>
> <Testing_Guide_II_structure1.doc>
>
>