[OWASP-TESTING] Testing guide status

Javier Fernandez-Sanguino jfernandez at germinus.com
Tue Mar 21 06:56:39 EST 2006

Eoin Keary wrote:
> Hello,
> I have compiled the submissions from all contributors below.
> The Authors of some of the documents are unknown, if you are one of them 
> drop me a line.

Answer inline:

> Old, backup and unrefereced files

It is worthwhile noticing that this section includes text provided by
Dafydd Stuttard (written way back in the first attempt to release the 
guide, in october 2003). Which I pointed to Mauro Bregolin when he was 
writting the section.

> Unknown authors
> --------------------------------------------------------------
> Configuration Management Infrastructure - ???

Configuration Management Infrastructure -  Javier Fernandez-Sanguino - 
August, 1st 2005
  ·	Known Web Server Vulnerabilities
·	Web application architecture (investigating/discovering components 
such as  application servers, DBMSs, other back-end applications, etc.)
·	Access and visibility of administrative tools of web, application, etc 
·	Authentication back-ends (LDAP, DBMS, text files)

Configuration Management Application -  Javier Fernandez-Sanguino, 
August, 1st 2005
·	Sample/known files and directories
·	Comment review
·	Configuration review
·	Logging

I sent those in my e-mail [1] dated August the 1st, 2005. The 
"Configuration Management Application" section is missing the following 
subsections: Permissions, Unsafe modules, HTML and hidden form fields, 
Error handling and page analysis and Process permissions. As I said,  I 
wanted to review the writing style of the other submissions before doing 
this. I did not receive any feedback on that submission and, since I 
didn't see any master document with all the other submissions, didn't 
know wether my style fitted in properly or I need to change it to adapt 
to others.

That being said, I'd be willing to review the current master document.



[1] Message-ID: <42EDE840.50603 at germinus.com>

More information about the Owasp-testing mailing list