[Owasp-testing] Offering Help

Matthias Rohr mro at securenet.de
Mon Apr 14 09:03:48 EDT 2008


Hello List,

I have some years of professional experience with conducting pentests of web applications and would like to offer my modest help for
this interesting project of yours.

How could I do this? Are there any sub groups for certain topics?

For instance, I suppose I could contribute some content to the upcoming AJAX/Flash/Java Applets test cases. Also, I came up with
the following new (?) topics that might probably be of interest for the guide:

Data Validation - Testing CRLF Injection / HTTP Response Splitting
Data Validation - Testing Link Spoofing / Injection
Data Validation - Testing Second Order Code Injection
Input Validation - Testing File Uploads (e.g. for malicious file upload possibilities)
Input Validation - HTML/Rich Content
Web Services Testing - Testing Known Framework Vulnerabilities
Web Services Testing - Testing SOAP Error Handling
Authentication Testing - Testing Anti-Enumeration Measures (e.g. CAPTCHAs)

Regards,

Matthias


