[Owasp-testing] Updated Index draft
rick.mitchell at bell.ca
Mon Jun 9 12:46:06 EDT 2008
I was replying to Kevin's request for review
(https://lists.owasp.org/pipermail/owasp-testing/2008-June/001548.html).
Though you've raised a good point, I'm assuming the section you've
mentioned is meant to deal with credentials submitted via a http (not
https) form or via a form served via https with a http action.
Therefore, yes I would think that the actual heading should be
"Credential transport over an un-encrypted channel".
Rick
________________________________
From: gsiere at comcast.net [mailto:gsiere at comcast.net]
Sent: June 9, 2008 12:25 PM
To: Mitchell, Rick (6030318); owasp-testing at lists.owasp.org
Subject: Re: [Owasp-testing] Updated Index draft
Kinda related to that, section 4.5.1 isn't written yet, but the
"vulnerability" is listed as "credential transport over an encrypted
channel" in the checklist.
Should the "vulnerability" description say "un-encrypted" channel? Or
are we looking for something else (weak encryption?). I just thought
that particular one reads a little confusing compared to all the others
(back to Rick's point) - unless I'm completely off on what this check is
about.
-George
-------------- Original message --------------
From: <rick.mitchell at bell.ca>
> Hi Kevin & everyone,
>
> A few things come to mind, none of which are specific to Kevin's
> article.
>
> 1) I'd suggest we don't use "and/or"; it looks indecisive/quick/messy.
> I've got an illustrative example here if you care to take a look:
> https://www.owasp.org/index.php/User:Rick.mitchell#.22and.2For.22_Explanation
>
> 2) We need to come up with a standard for section naming conventions
> (this isn't unique to your article). Wikipedia suggests only leading
> caps however I think the overall plan here is to publish this as a *.doc
> and *.pdf once complete so I suggest full title caps.
>
> 3) I suggest we add some sort of tag to the index page
> (https://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Contents)
> similar to the "(new)" and "(toimp)" tags to indicate when sections
> are ready to be reviewed. Perhaps (100), (toreview), or (reviewpls).
>
> 4) I agree we should attempt to write in the third person (as has been
> discussed already).
>
> 5) If we're going to use slang terms like "automagically" we should
> agree on a formatting scheme (underline, italics, quoted, or whatever).
>
> Other than that the article is in good shape. I made some minor edits
> which you can see via the following diff:
> https://www.owasp.org/index.php?title=Testing%3A_Identify_application_entry_points&diff=30882&oldid=30711
>
> Rick
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing