[Owasp-testing] Updated Index draft

gsiere at comcast.net gsiere at comcast.net
Mon Jun 9 12:24:48 EDT 2008

Kinda related to that, section 4.5.1 isn't written yet, but the "vulnerability" is listed as "credential transport over an ecrypted channel" in the checklist.  

Should the "vulnerability" description say "un-encrypted" channel?  Or are we looking for something else (weak encryption?).  I just thought that particular one reads a little confusing compared to all the others (back to Rick's point) - unless I'm completely off on what this check is about.


-------------- Original message -------------- 
From: <rick.mitchell at bell.ca> 

> Hi Kevin & everyone, 
> A few things come to mind, none of which are specific to Kevin's 
> article. 
> 1) I'd suggest we don't use "and/or" is looks indecisive/quick/messy. 
> I've got an illustrative example here if you care to take a look: 
> https://www.owasp.org/index.php/User:Rick.mitchell#.22and.2For.22_Explan 
> ation 
> 2) We need to come up with a standard for section naming conventions 
> (this isn't unique to your article). wikipedia suggests only leading 
> caps however I think the overall plan here is to publish this as a *.doc 
> and *.pdf once complete so I suggest full title caps. 
> 3) I suggest we add some sort of tag to the index page 
> (https://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Content 
> s) similar to the "(new)" and "(toimp)" tags to indicate when sections 
> are ready to be reviewed. Perhaps (100), (toreview), or (reviewpls). 
> 4) I agree we should attempt to write in the third person (as has been 
> discussed already). 
> 5) If we're going to use slang terms like "automagically" we should 
> agree on a formatting scheme (unerline, italics, quoted, or whatever). 
> Other than that the article is in good shape. I made some minor edits 
> which you can see via the following diff: 
> https://www.owasp.org/index.php?title=Testing%3A_Identify_application_en 
> try_points&diff=30882&oldid=30711 
> Rick 
> _______________________________________________ 
> Owasp-testing mailing list 
> Owasp-testing at lists.owasp.org 
> https://lists.owasp.org/mailman/listinfo/owasp-testing 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20080609/386646ec/attachment.html 

More information about the Owasp-testing mailing list