[Owasp-testing] Updated Index draft

kevin horvath kevin.horvath at gmail.com
Mon Jun 9 10:15:05 EDT 2008


I agree that no matter which route we take on this or anything else in
regards to the guide we should be consistent throughout.  Since I
believe this guide is targeted to the professional ethical hacker it
should be written in a more professional manner; as such, I will update
my sections to reflect the "3rd person" more formal writing style.

Thanks again for the feedback!

Kevin

On Mon, Jun 9, 2008 at 7:42 AM, Daniel Cuthbert
<daniel.cuthbert at owasp.org> wrote:
> Whilst the industry might have become slack with the use of English,
> business hasn't, especially when it comes to delivering reports that are
> read by senior management and board level members. There is nothing worse
> than an informal report being given to a client and them wondering if they
> indeed are actually dealing with a professional business person or a hacker.
>
> On 09 Jun 2008, at 12:36 PM, gsiere at comcast.net wrote:
>
> Dan,
>
> It's been a while since I was in school, but yes, usually one would use "3rd
> person" for formal writing.  However - I think writing, especially within
> our security community, has gotten a lot less formal - which is ok.  We
> should probably just stay consistent throughout the document though.
>
> -George
>
>
> -------------- Original message --------------
> From: "Dave van Stein" <dvstein at gmail.com>
> All,
>
> I have a general question which concerns all chapters of the manual.
>
> In reviewing Kevin's piece I noticed the usage of 'I' and 'you'. Since I am
> not a native English speaker I don't know about the rules in technical
> English writing about this, but in my language this is considered
> unprofessional and should be avoided at all times.
>
> Can someone clear this up for me? Is that 'allowed' or professional in the
> English language?
>
> regards, dave
>
>
>
> 2008/6/7 kevin horvath <kevin.horvath at gmail.com>:
>>
>> Thank you for your responses.  As for the GET requests I intended the
>> proxy to be used for all requests not just the POSTs. In the
>> description I say that I trap every request and every response;
>> additionally, I also note that every interesting GET/POST should be
>> recorded in the spreadsheet and cross referenced to the request number
>> in the proxy.  Although I will look at it again to try to make sure it
>> is more clear so that new readers to the project don't misunderstand
>> it.  Thanks again for all the help so far as it is very much
>> appreciated.
>>
>> Kevin
>>
>> On Sat, Jun 7, 2008 at 7:00 AM, Matteo Flora <mf at matteoflora.com> wrote:
>> > On Fri, Jun 6, 2008 at 9:42 PM, kevin horvath <kevin.horvath at gmail.com>
>> > wrote:
>> >> I know everyone is busy writing but if anyone could help and do a
>> >
>> > Not everybody is busy writing. Someone is READING :)
>> >
>> >> quick review of one of my sections I would appreciate it.
>> >
>> > Nice work, really.
>> >
>> > If only I'm allowed a little side-note I've seen you've suggested the
>> > use of webapp proxies for analyzing POST requests. It should, in my
>> > opinion, be clarified that use of proxies (or browser plugins) are a
>> > good methodology all-over even in GET requests.
>> >
>> > More and more over, in fact, as you know GET and POSTs are manipulated
>> > or generated via JS and a clear image of what happens behind the
>> > curtains of the code even taking a look at the page source. Add to
>> > this multiple JS inclusion, a little bit of obfuscation (think about
>> > Google Analytics scripts) and some fast redirect (as in Tivoli Access
>> > Manager, for example) and I think anyone will understand why WebScarab
>> > and/or Tamperdata and/or [include_your_fave_app_here] is vital...
>> > ...and better not forget those pesky little Iframes that always get
>> > neglected when you don't use a proxy...
>> >
>> > I know you use proxies, I see only the opportunity for doing some
>> > gentle concept bashing into the minds of "newbies" and people seeking
>> > a good start in a testing methodology :)
>> >
>> > Of course these are just my $0.02 (or €.0012 at the actual exchange rate
>> > =])
>> >
>> > Matteo. (the OTHER italian Matteo)
>> >
>> > --
>> > Matteo G.P. Flora // www.matteoflora.com // mf(at)matteoflora(dot)com
>> > Security Consultant and New Media Strategic Consultant
>> >
>> > Profile www.linkedin.com/in/matteoflora || Blog www.lastknight.com ||
>> > Twitter www.twitter.com/lastknight || Facebook
>> > http://www.facebook.com/profile.php?id=502992052
>> >
>> _______________________________________________
>> Owasp-testing mailing list
>> Owasp-testing at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>
>
> From: "Dave van Stein" <dvstein at gmail.com>
> Date: 07 June 2008 7:56:50 PM
> To: "kevin horvath" <kevin.horvath at gmail.com>
> Cc: owasp-testing <owasp-testing at lists.owasp.org>
> Subject: Re: [Owasp-testing] Updated Index draft
>

