[Owasp-testing] Offering Help

Jeff Williams jeff.williams at owasp.org
Tue Apr 15 00:18:29 EDT 2008

Hi Matthias,

Those look like some great topics for the testing guide.  Would love it if
you would contribute them.  The best way is just to dive in and start
writing!  There are a lot of people monitoring changes to the wiki, so don't
worry about making mistakes, people will see them and update your pages.



Jeff Williams, Chair
The OWASP Foundation
work: 410-707-1487
main: 301-604-4882

OWASP AppSec NYC 2008 is coming...  are you ready?

-----Original Message-----
From: owasp-testing-bounces at lists.owasp.org
[mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Matthias Rohr
Sent: Monday, April 14, 2008 9:04 AM
To: owasp-testing at lists.owasp.org
Subject: [Owasp-testing] Offering Help

Hello List,

I have some years of professional expierence with conducting pentests of web
applications and would like to offer my modest help for
this interesting project of yours.

How could I do this ? Are there any sub groups for certain topics ?

For instance, I suppose I could constribute some content to the upcomming
AJAX/Flash/Java Applets test cases. Also, I came up with
the following new (?) topics that might probably be of interest for the

Data Validation - Testing CRLF Injection / HTTP Response Splitting
Data Validation - Testing Link Spoofing / Injection
Data Validation - Testing Second Order Code Injection
Input Validation - Testing  File Uploads (e.g. for malicious file upload
Input Validation - HTML/Rich Content
Web Services Testing - Testing Known Framework Vulnerabilities
Web Services Testing - Testing SOAP Error Handling
Authentication Testing - Testing Anti-Enumeration Measures (e.g. CAPTCHAs)



Owasp-testing mailing list
Owasp-testing at lists.owasp.org

More information about the Owasp-testing mailing list