[Owasp-testing] Updated Index draft

rick.mitchell at bell.ca rick.mitchell at bell.ca
Mon Jun 9 12:46:06 EDT 2008

I was replying to Kevin's request for review.
Though you've raised a good point, I'm assuming the section you've
mentioned is meant to deal with credentials submitted via an http (not
https) form or via a form served via https with an http action.
Therefore, yes, I would think that the actual heading should be
"Credential transport over an un-encrypted channel".


From: gsiere at comcast.net [mailto:gsiere at comcast.net] 
Sent: June 9, 2008 12:25 PM
To: Mitchell, Rick (6030318); owasp-testing at lists.owasp.org
Subject: Re: [Owasp-testing] Updated Index draft

Kinda related to that, section 4.5.1 isn't written yet, but the
"vulnerability" is listed as "credential transport over an encrypted
channel" in the checklist.  
Should the "vulnerability" description say "un-encrypted" channel?  Or
are we looking for something else (weak encryption?).  I just thought
that particular one reads a little confusing compared to all the others
(back to Rick's point) - unless I'm completely off on what this check is

	-------------- Original message -------------- 
	From: <rick.mitchell at bell.ca> 
	> Hi Kevin & everyone, 
	> A few things come to mind, none of which are specific to
	> article. 
	> 1) I'd suggest we don't use "and/or" is looks
	> I've got an illustrative example here if you care to take a

	> ation 
	> 2) We need to come up with a standard for section naming
	> (this isn't unique to your article). wikipedia suggests only
	> caps however I think the overall plan here is to publish this as a *.doc 
	> and *.pdf once complete so I suggest full title caps. 
	> 3) I suggest we add some sort of tag to the index page 
	> (https://www.owasp.org/index.p
	> s) similar to the "(new)" and "(toimp)" tags to indicate when
	> are ready to be reviewed. Perhaps (100), (toreview), or
	> 4) I agree we should attempt to write in the third person (as has been 
	> discussed already). 
	> 5) If we're going to use slang terms like "automagically" we
	> agree on a formatting scheme (underline, italics, quoted, or
	> Other than that the article is in good shape. I made some minor edits 
	> which you can see via the following diff: 

	> try_points&diff=30882&oldid=30711 
	> Rick 
	> _______________________________________________ 
	> Owasp-testing mailing list 
	> Owasp-testing at lists.owasp.org 
	> https://lists.owasp.org/mailman/listinfo/owasp-testing 
