[OWASP-TESTING] Testing guide status
Javier Fernandez-Sanguino
jfernandez at germinus.com
Tue Mar 21 06:56:39 EST 2006
Eoin Keary wrote:
> Hello,
> I have compiled the submissions from all contributors below.
> The Authors of some of the documents are unknown, if you are one of them
> drop me a line.
Answer inline:
> Old, backup and unreferenced files
It is worthwhile noticing that this section includes text provided by
Dafydd Stuttard (written way back in the first attempt to release the
guide, in October 2003), which I pointed out to Mauro Bregolin when he was
writing the section.
> Unknown authors
> --------------------------------------------------------------
> Configuration Management Infrastructure - ???
Configuration Management Infrastructure - Javier Fernandez-Sanguino -
August, 1st 2005
Includes:
· Known Web Server Vulnerabilities
· Web application architecture (investigating/discovering components
such as application servers, DBMSs, other back-end applications, etc.)
· Access and visibility of administrative tools of web, application, etc
servers.
· Authentication back-ends (LDAP, DBMS, text files)
Configuration Management Application - Javier Fernandez-Sanguino,
August, 1st 2005
Includes:
· Sample/known files and directories
· Comment review
· Configuration review
· Logging
I sent those in my e-mail [1] dated August the 1st, 2005. The
"Configuration Management Application" section is missing the following
subsections: Permissions, Unsafe modules, HTML and hidden form fields,
Error handling and page analysis and Process permissions. As I said, I
wanted to review the writing style of the other submissions before doing
this. I did not receive any feedback on that submission and, since I
didn't see any master document with all the other submissions, didn't
know whether my style fitted in properly or I need to change it to adapt
to others.
That being said, I'd be willing to review the current master document.
Regards
Javier
[1] Message-ID: <42EDE840.50603 at germinus.com>