[Owasp-testing] Status Report - Testing Guide v2 - 15th October 06

Matteo Meucci matteo.meucci at gmail.com
Sun Oct 15 17:00:14 EDT 2006


Hi,
Here is the status report of the project for the first 2 weeks:

Week 01 - Oct 08
=============
    * Checked out all the documentation
    * Built the index and the state of completeness of each paragraph
    * Reviewed the index of the OWASP Testing Guide
    * Worked on updating the project page

Week 02 - Oct 15
=============
    * Call for participation on webappsec ml
    * Brainstorming about the new Index on OWASP-Testing ml
    * Contacted the best in the WebAppSec field to get feedback about the project
    * 16 people are interested in working on the project
    * Created the new [OWASP Testing Guide v2 Table of Contents]
    * Created a new Introduction (Chapter 2):
       1 The OWASP Testing Project
       2 How To Go About Performing An Application Security Review
       3 Principles of Testing
       4 Testing Techniques Explained
       4.1 Manual Inspections & Reviews
       4.2 Threat Modeling
       4.3 Source Code Review
       4.4 Penetration Testing
       4.5 The Need for a Balanced Approach
    * Put the Chapter OWASP Testing Framework as Chapter 3, before the
Chapter in which we describe the testing phase in detail.
    * Renamed Chapter 4 from "Manual Testing Techniques" to "Web
Application Penetration Testing"
    * Rationalized Chapter 4 and split the testing into:
       4.1 Introduction and objectives
       4.2 Information Gathering
       4.3 Business logic testing
       4.4 Authentication Testing
       4.5 Session Management Testing
       4.6 Data Validation Testing
       4.7 Denial of Service Testing
       4.8 Infrastructure and configuration Testing
       4.9 Web Services Testing
       4.10 AJAX Testing
    * Merged 4.2 with 4.8
    * Reviewed the content of Information Gathering, Data Validation
    * Created a template for each new paragraph in Chapter 4.
http://www.owasp.org/index.php/Template_Paragraph_Testing_AoC
    * Created a rule for writing
http://www.owasp.org/index.php/Rule_To_Write_AoC
    * End of brainstorming Index. We have a final Index

Next:
====
* Let's start writing: I'm updating the Index page
(http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents)
with the name of the contributors for each paragraph.
* Deadline for the first draft: 5th November
* If you are interested in writing please check the rules:
http://www.owasp.org/index.php/Rule_To_Write_AoC
and post a message to the list.

Thanks,
Mat


-- 
Matteo Meucci
OWASP-Italy Chair, CISSP, CISA
http://www.owasp.org/index.php/Italy
OWASP Testing Guide AoC
http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Projects:_Testing_Guide


