[Owasp-testing] Template for Testing Guide v3 - Checklist

Matteo Meucci matteo.meucci at gmail.com
Sat Jun 28 16:25:09 EDT 2008 

Hi Ronbo,
Thank you for your effort.

I think this kind of checklist is usefull, but we have to follow the
Testing Guide Index and that list of controls:
https://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Contents
Maybe we can create 2 documents (doc format i think it's better):
- one for the list of tests to perform
- one to explain the checklist
What do you think about that?

Thanks,
Mat

On Thu, Jun 12, 2008 at 7:36 PM, Ronbo <r at kelronja.org> wrote:
> I have a first draft ready for review.
> https://www.owasp.org/index.php/Testing_Checklist
>
> Please review for format and structure at this point.
> We can get to content, and checks after we agree on the format.
>
> .xls is not an allowed file type currently.  Do we want to allow it?
> If not, ill just continue to zip it.
> Would open office be better, or does everyone have excel?
>
> Thanks!
> Ron
>
>
> ".xls" is an unwanted file type
>
>    List of allowed file types: mp3, gif, png, jpg, jpeg, doc, ppt, mp3, pdf,
> psd, zip, tar, tar.gz, tar.bz2, jar, docx, pptx
>
>
>
> On May 29, 2008, at 2:45 AM, Matteo Meucci wrote:
>
>> Hi,
>> sure good idea! I'm working on it and added a section at the Index
>> (4.1.1 Testing Checklist):
>> http://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Contents
>>
>> The checklist v2 is here:
>> https://www.owasp.org/index.php/Testing:_Introduction_and_objectives
>>
>> Here is a first draft for v3:
>> http://www.owasp.org/index.php/Testing_Checklist
>> What do you think about that?
>>
>> I think it is important to collect all the security tests we will
>> perfom on v3 and the related vulnerability founded.
>> Also checklist is important to give a high level vision of our
>> project: I'd like to work also with Andrew (Building Guide) and Eoin
>> (Code Review Guide) to create 3 different checklists that togheter
>> make sense for the development, review and testing phase from a OWASP
>> point of view.
>> That makes sense for you?
>>
>> Thanks,
>> Mat
>>
>>
>> On Thu, May 29, 2008 at 2:45 AM, Ronbo <r at kelronja.org> wrote:
>>>
>>> I would like to volunteer to produce an extensive checklist for the v3
>>> guide.
>>> I am thinking it should fall under an Appendix.
>>> The checklist is currently being developed as an open office
>>> spreadsheet, but could be converted to a table in .PDF.
>>> Recommendations for format?  It is most useful as a spreadsheet...
>>>
>>> Ron Mathis
>>>
>>> _______________________________________________
>>> Owasp-testing mailing list
>>> Owasp-testing at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>>
>>
>>
>>
>> --
>> Matteo Meucci
>> OWASP-Italy Chair, CISSP, CISA
>> http://www.owasp.org/index.php/Italy
>> OWASP Testing Guide lead
>> http://www.owasp.org/index.php/Testing_Guide
>>
>
>



-- 
Matteo Meucci
OWASP-Italy Chair, CISSP, CISA
http://www.owasp.org/index.php/Italy
OWASP Testing Guide lead
http://www.owasp.org/index.php/Testing_Guide

More information about the Owasp-testing mailing list