[Owasp-testing] Oracle Testing

Jeff Williams jeff.williams at aspectsecurity.com
Mon Dec 4 07:31:46 EST 2006


Hi Eoin,

 

It seems out of place there to me.  To me this is part of
testing/verifying connections to backend systems.  And we should
eventually have articles not just about Oracle, but about other
directories, databases, web services, etc... So I suggest we make a new
chapter called "Backend System Testing" and put those articles there.

 

While we're at it, I also suggest taking all the injection articles and
making a new chapter called "Interpreter Injection Testing" - this will
match the structure of "The Guide" better.

 

And could somebody point me to the section on testing access control?  I
know it's got to be there, but I can't find it. But we should have
articles on testing direct object references, whether forced browsing is
possible, business-logic access control testing, and searching for
presentation-layer only access control.

 

Thanks!

 

--Jeff

 

________________________________

From: owasp-testing-bounces at lists.owasp.org
[mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Eoin
Sent: Monday, December 04, 2006 4:38 AM
To: owasp-testing at lists.owasp.org
Subject: [Owasp-testing] Oracle Testing

 

Hi,

Do we agree that the Oracle testing section should be in the
Data validation testing section?
There is an element of SQL injection in the document but there are other
topics also like ACL bypass etc...

-ek

-- 
Eoin Keary OWASP - Ireland
http://www.owasp.org/local/ireland.html
http://www.owasp.org/index.php/OWASP_Testing_Project 
http://www.owasp.org/index.php/OWASP_Code_Review_Project 
