[OWASP-TESTING] Testing guide status
Eoin Keary
eoinkeary at hotmail.com
Tue Mar 21 05:39:37 EST 2006
Hello,
I have compiled the submissions from all contributors below.
The authors of some of the documents are unknown; if you are one of them,
drop me a line.
The documents also need to be reviewed for content initially. The second
stage is to format them.
SO..... We need volunteers to review the documentation....help appreciated.
Thanks,
Eoin
Known authors:
-------------------------------------------------------------------------------------------------------
Cookie manipulating - Matteo Meucci Alberto Revelli July 2005
Buffer Overflow Heap Overflow Vulnerability - Varun Uppal 31st August, 2005
Buffer Overflow stack Overflow Vulnerability - Varun Uppal 10th July, 2005
OS Injection - Eoin Keary 2005
Application Layer Denial of Service (DoS) Attacks - Larry Shields, CISSP - August 11, 2005
Code Review - Eoin Keary
The secure code environment.doc - Eoin Keary
XSS attacks (Code review) - Eoin Keary
SQL Injection (Code review) - Eoin Keary
SSL / TLS, SSL certificate validity, Old, backup and unreferenced files, File
extensions handling, Web server components
Session riding, -Mauro Bregolin
Web Services Security Testing - Alex Smolen August 15, 2005
Unknown authors
--------------------------------------------------------------
Language/Services/Application Specific Testing: PHP - ???
Default or Guessable User Accounts and Empty Passwords -???
authentication.doc - ???
Weak Password Self-Reset Testing - ???
Sensitive data in URL - ???
Configuration Management Infrastructure - ???
OWASP Testing Guide Session management - ???