[OWASP-TESTING] Testing guide status

Glyn Geoghegan glyng at corsaire.com
Tue Mar 21 08:00:31 EST 2006


Hi Eoin,

I compiled a session management section a while back - that may be  
the one you're referring to below (sent in an off-list mail).

I'm happy to pick up a proof read of any of the sections that are  
more black-box/client-side app assessment rather than code review.

Cheers,
Glyn.

-- 
-------------------------------------------------------
G l y n   G e o g h e g a n                   BSc, ARCS
Principal Consultant                       Corsaire Ltd
3 Tannery House, Tannery Lane   AU: +61 (0)413 47 17 21
Send, Surrey, GU23 7EF, UK      UK: +44 (0)1483 226 000
http://www.corsaire.com        Fax: +44 (0)1483 226 001
-------------------------------------------------------



On 21 Mar 2006, at 20:39, Eoin Keary wrote:

> Hello,
> I have compiled the submissions from all contributors below.
> The Authors of some of the documents are unknown, if you are one of  
> them drop me a line.
>
> The documents also need to be reviewed for content initially. The  
> second stage is to format them.
> SO..... We need volunteers to review the documentation....help  
> appreciated.
> Thanks,
> Eoin
>
>
> Known authors:
> ----------------------------------------------------------------------
> Cookie manipulating  - Matteo Meucci – Alberto Revelli July 2005
> Buffer Overflow – Heap Overflow Vulnerability - Varun Uppal 31st  
> August, 2005
> Buffer Overflow – stack Overflow Vulnerability - Varun Uppal 10th  
> July, 2005
> OS Injection - Eoin  Keary 2005
> Application Layer Denial of Service (DoS) Attacks - Larry Shields,  
> CISSP - August 11, 2005
> Code Review - Eoin Keary
> The secure code environment.doc - Eoin Keary
> XSS attacks (Code review) - Eoin Keary
> SQL Injection (Code review) - Eoin Keary
> SSL / TLS, SSL certificate validity, Old, backup and unreferenced  
> files, File extensions handling, Web server components
> Session riding,  -Mauro Bregolin
> Web Services Security Testing - Alex Smolen August 15, 2005
>
> Unknown authors
> --------------------------------------------------------------
>
> Language/Services/Application Specific Testing: PHP - ???
> Default or Guessable User Accounts and Empty Passwords -???
> authentication.doc - ???
> Weak Password Self-Reset Testing - ???
> Sensitive data in URL - ???
> Configuration Management Infrastructure - ???
> OWASP Testing Guide Session management - ???




