[Owasp-testing] Brainstorming about the new Index

Eoin eoinkeary at gmail.com
Thu Oct 12 04:57:03 EDT 2006


Hi,
Incubated attacks are important enough to warrant a section under XSS. It is
another variant of XSS.
Metteo, what do you think?


On 11/10/06, Ariel Waissbein <wata.34mt at coresecurity.com> wrote:
>
> Hi all,
>
> my first post and 2 cents here:
>
> I guess we should make a difference between the techniques of unit
> testing and the results of UT. Even if UT can be used to... e.g.,
> discover BO or SQL-injection vulns.
>
> Although, I noticed that there is an Appendix for fuzzing which is
> another technique for discovering (some) vulnerabilities.
>
>
> A new question: imagine the following situation: The pen tester
> discovers a SQL-injection vulnerability in a webapp he is auditing. This
> vuln. allows him to store some javascript in the Db and therefore
> perpetrate an XSS attack (incubated) on the users of this webapp.  My
> question is where do we describe these attacks? (I think they are
> important enough to be included somewhere.)
>
> Cheers,
> Ariel
>
> Eoin Keary wrote:
> > Hi,
> >
> > Question:
> > Do we want to get into Unit Testing and SDLC methodology in this guide?
> > I thought they would be more suited to Andrew's dev guide or the code
> > review project.
> > Unit testing is related to testing small blocks of a system
> > individually and hence a development phase done prior to system and
> > integration testing.
> > The Guide currently focuses on penetration testing which is "After the
> > Fact" testing and not really done until the system is developed.
> >
> > What y'all think?
> >
> > Eoin
> >



-- 
Eoin Keary OWASP - Ireland
http://www.owasp.org/local/ireland.html
http://www.owasp.org/index.php/OWASP_Testing_Project
http://www.owasp.org/index.php/OWASP_Code_Review_Project