[Owasp-testing] Project Update

Matteo Meucci matteo.meucci at gmail.com
Mon Aug 25 15:00:08 EDT 2008


Hi all,
we will finish all the Testing Guide articles by tomorrow 26th August.

http://www.owasp.org/index.php/OWASP_Testing_Project_v3_Roadmap
Thank you authors!

Now it's time for the reviewers to review all the project: deadline 31st August.

Thanks!
Mat



On Fri, Aug 22, 2008 at 3:15 PM, Matteo Meucci <matteo.meucci at gmail.com> wrote:
> Hi all,
> thank you for your effort!
>
> Here is the project roadmap from August:
> https://www.owasp.org/index.php/OWASP_Testing_Project_v3_Roadmap
>
> *  12th August 2008
>
> Articles reviewed/written:
> Testing:_Introduction_and_objectives
> Testing_Checklist
> 4.3 Configuration Management Testing
> 4.2 Information Gathering
>
>    * 13 August 2008
>
> Reviewed:
> Testing_for_business_logic Testing_for_SQL_Wildcard_Attacks (Rick.mitchell)
> Added:
> (new: G.Fedon) 4.5.9 Testing Multiple Factors Authentication
> Written:
> Testing_for_authentication
>
>    * 14 August 2008
>
> Reviewed: Testing_for_credentials_transport
> Written:
> Testing_for_user_enumeration (M.Mella)
> Testing_for_authorization
> Testing_for_Session_Management
> merged the 2 articles:
> Testing for Session_Management_Schema
> Testing for Cookie and Session Token Manipulation
> Now we have a new one: Testing for Session_Management_Schema
>
>    * 15 August 2008
>
> Testing_for_Session_Fixation
>
>    * 16th August 2008
>
> Reviewed (M.Cova):
> 4.2 Information Gathering
> 4.3 Configuration Management Testing
> 4.5 Authentication Testing
>
>    * 18th August 2008
>
> Reviewed (M.Cova):
> 4.6 Authorization testing
> Written (A.van der Stock):
> Testing_for_HTTP_Methods_and_XST (HTTP Verb)
>
>    * 20th August 2008
>
> Reviewed (M.Cova):
> Web Services
> Written (A.Parata):
> 4.8.5.4 MS Access Testing
>
>    * 21st August 2008
>
> Updated:
> Testing_for_Session_Fixation
> Testing_for_Bypassing_Authorization_Schema
> Testing_for_Privilege_escalation
>
>    * 22nd August 2008
> Writing (Adam): Testing_for_Admin_Interfaces
>
> ---------------------------------------------------------------------
>
> Talking about Web Services Testing, I've updated the whole section and
> now we have the following new/improved articles:
> Testing Web Services
> 4.10 Web Services Testing
> 4.10.1 WS Information Gathering
> 4.10.2 Testing WSDL
> 4.10.3 XML Structural Testing
>
> ---------------------------------------------------------------------
> We need to finish the following articles:
>
> (new: M.Meucci - 90% ) 4.1.1 Testing Checklist
> (new:C.Heinrich - 0%)4.2.1 Spiders, Robots and Crawlers
> (new:C.Heinrich - 0%)4.2.2 Search Engine Discovery/Reconnaissance
> (new: Adam) 4.3.7 Infrastructure and Application Admin Interfaces
> (new: M.Meucci, M.Mella - 90%) 4.5.2 Testing for user enumeration
> (new: G.Fedon) 4.5.9 Testing Multiple Factors Authentication
> (new: A.Agarwwal, Kuza55, D.Cuthbert - 80%) 4.8.3 Testing for DOM
> based Cross Site Scripting
> (new: A.Agarwwal, S.Di Paola - 0%)4.8.4 Testing for Cross Site Flashing
>
> Articles to review:
> MS Access Testing
> Testing PostgreSQL
>
> Authors, please we have to finish the articles by the 24th August, so
> we can start the reviewing phase.
> Thanks,
> Mat
>
> --
> Matteo Meucci
> OWASP-Italy Chair, CISSP, CISA
> http://www.owasp.org/index.php/Italy
> OWASP Testing Guide lead
> http://www.owasp.org/index.php/Testing_Guide
>



-- 
Matteo Meucci
OWASP-Italy Chair, CISSP, CISA
http://www.owasp.org/index.php/Italy
OWASP Testing Guide lead
http://www.owasp.org/index.php/Testing_Guide


More information about the Owasp-testing mailing list