[Owasp-testing] Project Update

Matteo Meucci matteo.meucci at gmail.com
Fri Aug 22 09:15:21 EDT 2008


Hi all,
thank you for your effort!

Here is the project roadmap from August:
https://www.owasp.org/index.php/OWASP_Testing_Project_v3_Roadmap

    * 12th August 2008

Articles reviewed/written:
Testing:_Introduction_and_objectives
Testing_Checklist
4.3 Configuration Management Testing
4.2 Information Gathering

    * 13 August 2008

Reviewed:
Testing_for_business_logic Testing_for_SQL_Wildcard_Attacks (Rick.mitchell)
Added:
(new: G.Fedon) 4.5.9 Testing Multiple Factors Authentication
Written:
Testing_for_authentication

    * 14 August 2008

Reviewed: Testing_for_credentials_transport
Written:
Testing_for_user_enumeration (M.Mella)
Testing_for_authorization
Testing_for_Session_Management
merged the 2 articles:
Testing for Session_Management_Schema
Testing for Cookie and Session Token Manipulation
Now we have a new one: Testing for Session_Management_Schema

    * 15 August 2008

Testing_for_Session_Fixation

    * 16th August 2008

Reviewed (M.Cova):
4.2 Information Gathering
4.3 Configuration Management Testing
4.5 Authentication Testing

    * 18th August 2008

Reviewed (M.Cova):
4.6 Authorization testing
Written (A.van der Stock):
Testing_for_HTTP_Methods_and_XST (HTTP Verb)

    * 20th August 2008

Reviewed (M.Cova):
Web Services
Written (A.Parata):
4.8.5.4 MS Access Testing

    * 21st August 2008

Updated:
Testing_for_Session_Fixation
Testing_for_Bypassing_Authorization_Schema
Testing_for_Privilege_escalation

    * 22nd August 2008

Writing (Adam): Testing_for_Admin_Interfaces

---------------------------------------------------------------------

Talking about Web Services Testing, I've updated the whole section and
now we have the following new/improved articles:
Testing Web Services
4.10 Web Services Testing
4.10.1 WS Information Gathering
4.10.2 Testing WSDL
4.10.3 XML Structural Testing

---------------------------------------------------------------------
We need to finish the following articles:

(new: M.Meucci - 90% ) 4.1.1 Testing Checklist
(new:C.Heinrich - 0%)4.2.1 Spiders, Robots and Crawlers
(new:C.Heinrich - 0%)4.2.2 Search Engine Discovery/Reconnaissance
(new: Adam) 4.3.7 Infrastructure and Application Admin Interfaces
(new: M.Meucci, M.Mella - 90%) 4.5.2 Testing for user enumeration
(new: G.Fedon) 4.5.9 Testing Multiple Factors Authentication
(new: A.Agarwwal, Kuza55, D.Cuthbert - 80%) 4.8.3 Testing for DOM
based Cross Site Scripting
(new: A.Agarwwal, S.Di Paola - 0%)4.8.4 Testing for Cross Site Flashing

Articles to review:
MS Access Testing
Testing PostgreSQL

Authors, please: we have to finish the articles by the 24th August, so
we can start the reviewing phase.
Thanks,
Mat

-- 
Matteo Meucci
OWASP-Italy Chair, CISSP, CISA
http://www.owasp.org/index.php/Italy
OWASP Testing Guide lead
http://www.owasp.org/index.php/Testing_Guide

