[Owasp-testing] OWASP Testing Guide v3: status - 28th June

Matteo Meucci matteo.meucci at gmail.com
Sat Jun 28 16:39:43 EDT 2008

Hi all,
I've just written/updated and reviewed some articles, thank you for your effort!

Here is the list of the articles and the related status (100% means
article ready to be reviewed):
Tell me if I have forgotten something.

Here is the project roadmap updated:

Many articles should still be written (and many are still to be
assigned), here is the list:

(toimp: B.Damele) 4.2 Information Gathering
(new:C.Heinrich)4.2.1 Spiders, Robots and Crawlers
(new:C.Heinrich)4.2.2 Search Engine Discovery/Reconnaissance
4.2.3 (toimp) Testing for Web Application Fingerprint
(toimp)4.2.5 Analysis of Error Codes
(new) 4.3 Configuration Management Testing
(toimp) 4.3.1 SSL/TLS Testing (SSL Version, Alghoritms, Key lenght,
Digital Cert. Validity
(toimp) 4.3.3 Application Configuration Management Testing
(new) 4.3.4 Testing for misconfiguration
(new) 4.3.7 Infrastructure and Application Admin Interfaces
(toimp M.Meucci) 4.5 Authentication Testing
(new: G.Ingrosso) 4.5.1 Credentials transport over an encrypted channel
(new: M.Meucci)  4.5.2 Testing for user enumeration
(new) 4.7.2 Test the token strength (old 4.5.2 Testing for Cookie and
Session Token Manipulation)
(new: M.Meucci) 4.7.4. Testing for Session Fixation
(new: A. Coronel)4.8.1 Testing for Reflected Cross Site Scripting
(new: A.Agarwwal, Kuza55) 4.8.3 Testing for DOM based Cross Site Scripting
(new: A.Agarwwal)4.8.4 Testing for Cross Site Flashing
(toimp: B.Damele) 4.8.5 Testing for SQL Injection

30th June all the articles will be reviewed for the begin of the first
phase of reviewing.
Please, if you have some draft, publish it on the wiki so we can share
our thought and update it.

If you have some problems to reach the goal, please drop me a line.


More information about the Owasp-testing mailing list