[Owasp-testing] Updated Index draft
Dave van Stein
dvstein at gmail.com
Sat Jun 7 14:56:24 EDT 2008
All,
I have a general question which concerns all chapters of the manual.
In reviewing Kevin's piece I noticed the usage of 'I' and 'you'. Since I am
not a native English speaker I don't know about the rules in technical
english writing about this, but in my language this is considered
unprofessional and should be avoided at all times.
Can someone clear this up for me ? Is that 'allowed' or professional in the
english language ?
regards, dave
2008/6/7 kevin horvath <kevin.horvath at gmail.com>:
> Thank you for your responses. As for the GET requests I intended the
> proxy to be used for all requests not just the POST's. In the
> description I say that I trap every request and every response
> additionally I also note that every interesting GET/POST should be
> recorded in the spreadsheet and cross referenced to the request number
> in the proxy. Although I will look at it again to try to make sure it
> is more clear so that new readers to the project don't misunderstand
> it. Thanks again for all the help so far as it is very much
> appreciated.
>
> Kevin
>
> On Sat, Jun 7, 2008 at 7:00 AM, Matteo Flora <mf at matteoflora.com> wrote:
> > On Fri, Jun 6, 2008 at 9:42 PM, kevin horvath <kevin.horvath at gmail.com>
> wrote:
> >> I know everyone is busy writing but if anyone could help and do a
> >
> > Non everybody is busy writing. Someone is READING :)
> >
> >> quick review of one of my sections I would appreciate it.
> >
> > Nice work, really.
> >
> > If only I'm allowed a little side-note I've seen you've suggested the
> > use of webapp proxies for analyzing POST requests. It should, in my
> > opinion, be clarified that use of proxies (or browser plugins) are a
> > good methodology all-over even in GET requests.
> >
> > More and more over, in fact, as you know GET and POSTs are manipuleted
> > or generated via JS and a clear imagine of what happens behind the
> > courtains of the code even taking a look at the page source. Add to
> > this multiple JS inclusion, a little bit of obfuscation (think about
> > Google Analytics scripts) and some fast redirect (as in Tivoli Access
> > Manager, for example) and I think anyone will understand why WebScarab
> > and/or Tamperdata and/or [include_your_fave_app_here] is vital...
> > ...and better not forget those pesky little Iframes that always get
> > neglected when you don't use a proxy...
> >
> > I know you use prokies, I see only the oportunity for doing some
> > gentle concept bashing into the minds of "newbies" and people seeking
> > a good start in a testing methodology :)
> >
> > Of course these are just my $0.02 (or €.0012 at the actual exchange rate
> =])
> >
> > Matteo. (the OTHER italian Matteo)
> >
> > --
> > Matteo G.P. Flora // www.matteoflora.com // mf(at)matteoflora(dot)com
> > Security Consultant and New Media Strategic Consultant
> >
> > Profile www.linkedin.com/in/matteoflora || Blog www.lastknight.com ||
> > Twitter www.twitter.com/lastknight || Facebook
> > http://www.facebook.com/profile.php?id=502992052
> >
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20080607/7ec378a4/attachment.html
More information about the Owasp-testing
mailing list