[Owasp-testing] Brainstorming about the new Index

Stefano Di Paola wisec at wisec.it
Thu Oct 12 18:28:23 EDT 2006


Just a couple of things that come to my mind (thanks to Matteo and
Alberto)...

Data Validation Testing chapter misses a little par. about 
directory traversal/local file include and remote file include.

Another point is about the authentication and authorization chapter, on pages
which fail to exit on a redirection when they find the login/passwd are
wrong. 
An example below in PHP:
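<?php
// Guard for a protected page: visitors who are not logged in get redirected.
if (!islogged())
    header("Location: redir.php");
// without exit, so the script keeps running and the logged-in page follows
// logged-in code...
?>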

Maybe in this case a paragraph is worth writing to cover the issue and
to point out the use of command line raw requests like curl and related.

Stefano
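
A check for the missing-exit issue described in the message above, as an added example that is not part of the original post: it inspects a raw response of the kind a non-following client such as curl shows, and flags a redirect whose body still carries page content. The sample responses are constructed, and the function names and the 40-character threshold are assumptions.

```python
import re

# Constructed raw responses, as seen when the client does not follow redirects.
LEAKY = ("HTTP/1.1 302 Found\r\nLocation: redir.php\r\nContent-Type: text/html\r\n\r\n"
         "<html><body><h1>Account settings</h1>"
         "<form action='update.php'>...</form></body></html>")
CLEAN = "HTTP/1.1 302 Found\r\nLocation: redir.php\r\nContent-Length: 0\r\n\r\n"
STUB = ("HTTP/1.1 302 Found\r\nLocation: redir.php\r\n\r\n"
        "<html><body>Moved <a href='redir.php'>here</a></body></html>")
OK_PAGE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>login form</html>"

REDIRECT_CODES = (301, 302, 303, 307, 308)


def parse_response(raw):
    """Split a raw HTTP response into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def visible_text(body):
    """Strip scripts, styles and tags, leaving the text a browser would render."""
    text = re.sub(r"(?is)<(script|style).*?</\1>", " ", body)
    text = re.sub(r"(?s)<[^>]+>", " ", text)
    return " ".join(text.split())


def check_redirect_body(raw, max_text=40):
    """Return 'not-redirect', 'clean' or 'body-after-redirect'."""
    status, headers, body = parse_response(raw)
    if status not in REDIRECT_CODES or "location" not in headers:
        return "not-redirect"
    # Short "moved" stubs are normal; forms, tables or long text are not.
    has_markup = re.search(r"(?i)<(form|input|table)\b", body) is not None
    if has_markup or len(visible_text(body)) > max_text:
        return "body-after-redirect"
    return "clean"


if __name__ == "__main__":
    for name, raw in [("LEAKY", LEAKY), ("CLEAN", CLEAN), ("STUB", STUB), ("OK_PAGE", OK_PAGE)]:
        print(name, check_redirect_body(raw))
```

A "body-after-redirect" verdict means the script kept running after it sent the Location header, so the page needs an exit immediately after the header() call.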



On gio, 2006-10-12 at 11:51 +0200, Matteo Meucci wrote:
> Yes,
> I think you are right: this paragraph already exists.
> look at:
> (http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents)
> 4.6 Data Validation Testing 0% TD
> 4.6.1 Cross site scripting 0% TD
> 4.6.1.1 Incubated attacks 0% TD
> 
> Ariel maybe says that Incubated attacks are a combination of SQL Inj
> and XSS, but we can reasonably affirm that it is a particular XSS attack.
> In the same paragraph we can show an example of how an XSS Inc Attack
> works exploiting an SQL Inj vulnerability.
> Right?
> 
> Mat
> 
> 
> 
> On 10/12/06, Eoin <eoinkeary at gmail.com> wrote:
> > Hi,
> > incubated attacks are important enough to warrant a section under XSS. It is
> > another variant of XSS.
> > Matteo what do you think?
> >
> >
> >
> > On 11/10/06, Ariel Waissbein <wata.34mt at coresecurity.com> wrote:
> > > Hi all,
> > >
> > > my first post and 2 cents here:
> > >
> > > I guess we should make a difference between the techniques of unit
> > > testing and the results of UT. Even if UT can be used to... e.g.,
> > > discover BO or SQL-injection vulns.
> > >
> > > Although, I noticed that there is an Appendix for fuzzing which is
> > > another technique for discovering (some) vulnerabilities.
> > >
> > >
> > > A new question: imagine the following situation: The pen tester
> > > discovers a SQL-injection vulnerability in a webapp he is auditing. This
> > > vuln. allows him to store some javascript in the Db and therefore
> > > perpetrate an XSS attack (incubated) on the users of this webapp.  My
> > > question is where do we describe these attacks? (I think they are
> > > important enough to be included somewhere.)
> > >
> > > Cheers,
> > > Ariel
> > >
> > > Eoin Keary wrote:
> > > > Hi,
> > > >
> > > > Question:
> > > > Do we want to get into Unit Testing and SDLC methodology in this guide?
> > > > I thought they would be more suited to Andrew's dev guide or the code
> > > > review project.
> > > > unit testing is related to testing small blocks of a system
> > > > individually and hence a development phase done prior to system and
> > > > integration testing.
> > > > The Guide currently focuses on penetration testing which is "After the
> > > > Fact" testing and not really done until the system is developed.
> > > >
> > > > What y'all think?
> > > >
> > > > Eoin
> > > >
> > > _______________________________________________
> > > Owasp-testing mailing list
> > > Owasp-testing at lists.owasp.org
> > > http://lists.owasp.org/mailman/listinfo/owasp-testing
> > >
> >
> >
> >
> > --
> > Eoin Keary OWASP - Ireland
> > http://www.owasp.org/local/ireland.html
> >  http://www.owasp.org/index.php/OWASP_Testing_Project
> > http://www.owasp.org/index.php/OWASP_Code_Review_Project
> 




