[OWASP-TESTING] Testing guide status
Matteo Meucci
matteo.meucci at gmail.com
Wed Mar 22 09:22:39 EST 2006
Hi Eoin,
I'd like to participate in reviewing the drafts.
So how many paragraphs of the original "OWASP Testing Guide Section
Two Outline (final draft)" are not completed at this moment?
Thanks,
Mat
On 3/21/06, Glyn Geoghegan <glyng at corsaire.com> wrote:
> Hi Eoin,
>
> I compiled a session management section a while back - that may be
> the one you're referring to below (sent in an off-list mail).
>
> I'm happy to pick up a proof read of any of the sections that are
> more black-box/client-side app assessment rather than code review.
>
> Cheers,
> Glyn.
>
> --
> -------------------------------------------------------
> G l y n G e o g h e g a n BSc, ARCS
> Principal Consultant Corsaire Ltd
> 3 Tannery House, Tannery Lane AU: +61 (0)413 47 17 21
> Send, Surrey, GU23 7EF, UK UK: +44 (0)1483 226 000
> http://www.corsaire.com Fax: +44 (0)1483 226 001
> -------------------------------------------------------
>
>
>
> On 21 Mar 2006, at 20:39, Eoin Keary wrote:
>
> > Hello,
> > I have compiled the submissions from all contributors below.
> > The Authors of some of the documents are unknown, if you are one of
> > them drop me a line.
> >
> > The documents also need to be reviewed for content initially. The
> > second stage is to format them.
> > SO..... We need volunteers to review the documentation....help
> > appreciated.
> > Thanks,
> > Eoin
> >
> >
> > Known authors:
> > ----------------------------------------------------------------------
> > ---------------------------------
> > Cookie manipulating - Matteo Meucci – Alberto Revelli July 2005
> > Buffer Overflow – Heap Overflow Vulnerability - Varun Uppal 31st
> > August, 2005
> > Buffer Overflow – stack Overflow Vulnerability - Varun Uppal 10th
> > July, 2005
> > OS Injection - Eoin Keary 2005
> > Application Layer Denial of Service (DoS) Attacks - Larry Shields,
> > CISSP - August 11, 2005
> > Code Review - Eoin Keary
> > The secure code environment.doc - Eoin Keary
> > XSS attacks (Code review) - Eoin Keary
> > SQL Injection (Code review) - Eoin Keary
> > SSL / TLS, SSL certificate validity, Old, backup and unreferenced
> > files, File extensions handling, Web server components
> > Session riding, -Mauro Bregolin
> > Web Services Security Testing - Alex Smolen August 15, 2005
> >
> > Unknown authors
> > --------------------------------------------------------------
> >
> > Language/Services/Application Specific Testing: PHP - ???
> > Default or Guessable User Accounts and Empty Passwords -???
> > authentication.doc - ???
> > Weak Password Self-Reset Testing - ???
> > Sensitive data in URL - ???
> > Configuration Management Infrastructure - ???
> > OWASP Testing Guide Session management - ???
> >
> > _______________________________________________
> > owasp-testing mailing list
> > owasp-testing at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/owasp-testing
--
Matteo Meucci
OWASP-Italy Chair, CISSP
site: http://www.owasp.org/local/italy.html
mail: matteo.meucci at owasp.org
ml: https://lists.sourceforge.net/lists/listinfo/owasp-italy