[Owasp-testing] OWASP Testing Guide v3: status - 28th June

kevin horvath kevin.horvath at gmail.com
Sat Jun 28 21:40:16 EDT 2008

Thanks for the work you have put in so far Mat!  If you get a chance
could you add to the discussion portion of each article for what needs
to be changed or modified to bring it to 100%.  Thanks.


On Sat, Jun 28, 2008 at 4:39 PM, Matteo Meucci <matteo.meucci at gmail.com> wrote:
> Hi all,
> I've just written/updated and reviewed some articles, thank you for your effort!
> Here is the list of the articles and the related status (100% means
> article ready to be reviewed):
> https://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Contents
> Tell me if I have forgotten something.
> Here is the project roadmap updated:
> https://www.owasp.org/index.php/OWASP_Testing_Project_v3_Roadmap
> Many articles should still be written (and many are still to be
> assigned), here is the list:
> (toimp: B.Damele) 4.2 Information Gathering
> (new:C.Heinrich)4.2.1 Spiders, Robots and Crawlers
> (new:C.Heinrich)4.2.2 Search Engine Discovery/Reconnaissance
> 4.2.3 (toimp) Testing for Web Application Fingerprint
> (toimp)4.2.5 Analysis of Error Codes
> (new) 4.3 Configuration Management Testing
> (toimp) 4.3.1 SSL/TLS Testing (SSL Version, Alghoritms, Key lenght,
> Digital Cert. Validity
> (toimp) 4.3.3 Application Configuration Management Testing
> (new) 4.3.4 Testing for misconfiguration
> (new) 4.3.7 Infrastructure and Application Admin Interfaces
> (toimp M.Meucci) 4.5 Authentication Testing
> (new: G.Ingrosso) 4.5.1 Credentials transport over an encrypted channel
> (new: M.Meucci)  4.5.2 Testing for user enumeration
> (new) 4.7.2 Test the token strength (old 4.5.2 Testing for Cookie and
> Session Token Manipulation)
> (new: M.Meucci) 4.7.4. Testing for Session Fixation
> (new: A. Coronel)4.8.1 Testing for Reflected Cross Site Scripting
> (new: A.Agarwwal, Kuza55) 4.8.3 Testing for DOM based Cross Site Scripting
> (new: A.Agarwwal)4.8.4 Testing for Cross Site Flashing
> (toimp: B.Damele) 4.8.5 Testing for SQL Injection
> 30th June all the articles will be reviewed for the begin of the first
> phase of reviewing.
> Please, if you have some draft, publish it on the wiki so we can share
> our thought and update it.
> If you have some problems to reach the goal, please drop me a line.
> Thanks!
> Mat
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing

More information about the Owasp-testing mailing list