[Owasp-testing] Updated Index draft

Mon Jun 9 07:36:41 EDT 2008

Dan, 

It's been a while since I was in school, but yes, usually one would use "3rd person" for formal writing.  However - I think writing, especially within our security community, has gotten a lot less formal - which is ok.  We should probably just stay consistent throughout the document though.

-George

-------------- Original message -------------- 
From: "Dave van Stein" <dvstein at gmail.com> 
All,

I have a general question which concerns all chapters of the manual.

In reviewing Kevin's piece I noticed the usage of 'I' and 'you'. Since I am not a native English speaker I don't know about the rules in technical english writing about this, but in my language this is considered unprofessional and should be avoided at all times.

Can someone clear this up for me ? Is that 'allowed' or professional in the english language ?

regards, dave

2008/6/7 kevin horvath <kevin.horvath at gmail.com>:

Thank you for your responses.  As for the GET requests I intended the
proxy to be used for all requests not just the POST's. In the
description I say that I trap every request and every response
additionally I also note that every interesting GET/POST should be
recorded in the spreadsheet and cross referenced to the request number
in the proxy.  Although I will look at it again to try to make sure it
is more clear so that new readers to the project don't misunderstand
it.  Thanks again for all the help so far as it is very much
appreciated.

Kevin

On Sat, Jun 7, 2008 at 7:00 AM, Matteo Flora <mf at matteoflora.com> wrote:
> On Fri, Jun 6, 2008 at 9:42 PM, kevin horvath <kevin.horvath at gmail.com> wrote:
>> I know everyone is busy writing but if anyone could help and do a
>
> Non everybody is busy writing. Someone is READING :)
>
>> quick review of one of my sections I would appreciate it.
>
> Nice work, really.
>
> If only I'm allowed a little side-note I've seen you've suggested the
> use of webapp proxies for analyzing POST requests. It should, in my
> opinion, be clarified that use of proxies (or browser plugins) are a
> good methodology all-over even in GET requests.
>
> More and more over, in fact, as you know GET and POSTs are manipuleted
> or generated via JS and a clear imagine of what happens behind the
> courtains of the code even taking a look at the page source. Add to
> this multiple JS inclusion, a little bit of obfuscation (think about
> Google Analytics scripts) and some fast redirect (as in Tivoli Access
> Manager, for example) and I think anyone will understand why WebScarab
> and/or Tamperdata and/or [include_your_fave_app_here] is vital...
> ...and better not forget those pesky little Iframes that always get
> neglected when you don't use a proxy...
>
> I know you use prokies, I see only the oportunity for doing some
> gentle concept bashing into the minds of "newbies" and people seeking
> a good start in a testing methodology :)
>
> Of course these are just my $0.02 (or €.0012 at the actual exchange rate =])
>
> Matteo. (the OTHER italian Matteo)
>
> --
> Matteo G.P. Flora // www.matteoflora.com // mf(at)matteoflora(dot)com
> Security Consultant and New Media Strategic Consultant
>
> Profile www.linkedin.com/in/matteoflora || Blog www.lastknight.com ||
> Twitter www.twitter.com/lastknight || Facebook
> http://www.facebook.com/profile.php?id=502992052
>
_______________________________________________
Owasp-testing mailing list
Owasp-testing at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-testing
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20080609/17c086da/attachment.html 
-------------- next part --------------
An embedded message was scrubbed...
From: "Dave van Stein" <dvstein at gmail.com>
Subject: Re: [Owasp-testing] Updated Index draft
Date: Sat, 7 Jun 2008 18:56:50 +0000
Size: 735
Url: https://lists.owasp.org/pipermail/owasp-testing/attachments/20080609/17c086da/attachment.mht 