[Owasp-testing] Updated Index draft

Daniel Cuthbert daniel.cuthbert at owasp.org
Mon Jun 9 07:42:54 EDT 2008


Whilst the industry might have become slack with the use of English,
business hasn't, especially when it comes to delivering reports that
are read by senior management and board level members. There is
nothing worse than an informal report being given to a client and them
wondering if they indeed are actually dealing with a professional
business person or a hacker.


On 09 Jun 2008, at 12:36 PM, gsiere at comcast.net wrote:

> Dan,
>
> It's been a while since I was in school, but yes, usually one would  
> use "3rd person" for formal writing.  However - I think writing,  
> especially within our security community, has gotten a lot less  
> formal - which is ok.  We should probably just stay consistent  
> throughout the document though.
>
> -George
>
> -------------- Original message --------------
> From: "Dave van Stein" <dvstein at gmail.com>
> All,
>
> I have a general question which concerns all chapters of the manual.
>
> In reviewing Kevin's piece I noticed the usage of 'I' and 'you'.
> Since I am not a native English speaker I don't know about the rules
> in technical English writing about this, but in my language this is
> considered unprofessional and should be avoided at all times.
>
> Can someone clear this up for me? Is that 'allowed' or professional
> in the English language?
>
> regards, dave
>
>
>
> 2008/6/7 kevin horvath <kevin.horvath at gmail.com>:
> Thank you for your responses.  As for the GET requests, I intended the
> proxy to be used for all requests, not just the POSTs. In the
> description I say that I trap every request and every response;
> additionally, I also note that every interesting GET/POST should be
> recorded in the spreadsheet and cross referenced to the request number
> in the proxy.  Although I will look at it again to try to make sure it
> is more clear so that new readers to the project don't misunderstand
> it.  Thanks again for all the help so far as it is very much
> appreciated.
>
> Kevin
>
>
> On Sat, Jun 7, 2008 at 7:00 AM, Matteo Flora <mf at matteoflora.com> wrote:
> > On Fri, Jun 6, 2008 at 9:42 PM, kevin horvath <kevin.horvath at gmail.com> wrote:
> >> I know everyone is busy writing but if anyone could help and do a
> >
> > Not everybody is busy writing. Someone is READING :)
> >
> >> quick review of one of my sections I would appreciate it.
> >
> > Nice work, really.
> >
> > If only I'm allowed a little side-note, I've seen you've suggested the
> > use of webapp proxies for analyzing POST requests. It should, in my
> > opinion, be clarified that use of proxies (or browser plugins) is a
> > good methodology all-over even in GET requests.
> >
> > More and more over, in fact, as you know GET and POSTs are manipulated
> > or generated via JS and a clear image of what happens behind the
> > curtains of the code even taking a look at the page source. Add to
> > this multiple JS inclusion, a little bit of obfuscation (think about
> > Google Analytics scripts) and some fast redirect (as in Tivoli Access
> > Manager, for example) and I think anyone will understand why WebScarab
> > and/or Tamperdata and/or [include_your_fave_app_here] is vital...
> > ...and better not forget those pesky little Iframes that always get
> > neglected when you don't use a proxy...
> >
> > I know you use proxies, I see only the opportunity for doing some
> > gentle concept bashing into the minds of "newbies" and people seeking
> > a good start in a testing methodology :)
> >
> > Of course these are just my $0.02 (or €.0012 at the actual exchange rate =])
> >
> > Matteo. (the OTHER italian Matteo)
> >
> > --
> > Matteo G.P. Flora // www.matteoflora.com // mf(at)matteoflora(dot)com
> > Security Consultant and New Media Strategic Consultant
> >
> > Profile www.linkedin.com/in/matteoflora || Blog www.lastknight.com ||
> > Twitter www.twitter.com/lastknight || Facebook
> > http://www.facebook.com/profile.php?id=502992052
> >
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>
>
> From: "Dave van Stein" <dvstein at gmail.com>
> Date: 07 June 2008 7:56:50 PM
> To: "kevin horvath" <kevin.horvath at gmail.com>
> Cc: owasp-testing <owasp-testing at lists.owasp.org>
> Subject: Re: [Owasp-testing] Updated Index draft
>
>
