[Owasp-testing] Offering Help

Jeff Williams jeff.williams at owasp.org
Tue Apr 15 00:18:29 EDT 2008


Hi Matthias,

Those look like some great topics for the testing guide.  Would love it if
you would contribute them.  The best way is just to dive in and start
writing!  There are a lot of people monitoring changes to the wiki, so don't
worry about making mistakes, people will see them and update your pages.

Thanks!

--Jeff

Jeff Williams, Chair
The OWASP Foundation
work: 410-707-1487
main: 301-604-4882

OWASP AppSec NYC 2008 is coming...  are you ready?


-----Original Message-----
From: owasp-testing-bounces at lists.owasp.org
[mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Matthias Rohr
Sent: Monday, April 14, 2008 9:04 AM
To: owasp-testing at lists.owasp.org
Subject: [Owasp-testing] Offering Help

Hello List,

I have some years of professional expierence with conducting pentests of web
applications and would like to offer my modest help for
this interesting project of yours.

How could I do this ? Are there any sub groups for certain topics ?

For instance, I suppose I could constribute some content to the upcomming
AJAX/Flash/Java Applets test cases. Also, I came up with
the following new (?) topics that might probably be of interest for the
guide:

Data Validation - Testing CRLF Injection / HTTP Response Splitting
Data Validation - Testing Link Spoofing / Injection
Data Validation - Testing Second Order Code Injection
Input Validation - Testing  File Uploads (e.g. for malicious file upload
possibilities)
Input Validation - HTML/Rich Content
Web Services Testing - Testing Known Framework Vulnerabilities
Web Services Testing - Testing SOAP Error Handling
Authentication Testing - Testing Anti-Enumeration Measures (e.g. CAPTCHAs)

Regards,

Matthias

_______________________________________________
Owasp-testing mailing list
Owasp-testing at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-testing



More information about the Owasp-testing mailing list