[Owasp-testing] OWASP Testing Guide v3: status - 28th June
matteo.meucci at gmail.com
Mon Jun 30 08:26:21 EDT 2008
That's a great idea.
I'm adding that.
On Sun, Jun 29, 2008 at 3:40 AM, kevin horvath <kevin.horvath at gmail.com> wrote:
> Thanks for the work you have put in so far Mat! If you get a chance
> could you add to the discussion portion of each article for what needs
> to be changed or modified to bring it to 100%. Thanks.
> On Sat, Jun 28, 2008 at 4:39 PM, Matteo Meucci <matteo.meucci at gmail.com> wrote:
>> Hi all,
>> I've just written/updated and reviewed some articles, thank you for your effort!
>> Here is the list of the articles and the related status (100% means
>> article ready to be reviewed):
>> Tell me if I have forgotten something.
>> Here is the updated project roadmap:
>> Many articles should still be written (and many are still to be
>> assigned), here is the list:
>> (toimp: B.Damele) 4.2 Information Gathering
>> (new: C.Heinrich) 4.2.1 Spiders, Robots and Crawlers
>> (new: C.Heinrich) 4.2.2 Search Engine Discovery/Reconnaissance
>> (toimp) 4.2.3 Testing for Web Application Fingerprint
>> (toimp) 4.2.5 Analysis of Error Codes
>> (new) 4.3 Configuration Management Testing
>> (toimp) 4.3.1 SSL/TLS Testing (SSL Version, Algorithms, Key length,
>> Digital Cert. Validity)
>> (toimp) 4.3.3 Application Configuration Management Testing
>> (new) 4.3.4 Testing for misconfiguration
>> (new) 4.3.7 Infrastructure and Application Admin Interfaces
>> (toimp M.Meucci) 4.5 Authentication Testing
>> (new: G.Ingrosso) 4.5.1 Credentials transport over an encrypted channel
>> (new: M.Meucci) 4.5.2 Testing for user enumeration
>> (new) 4.7.2 Test the token strength (old 4.5.2 Testing for Cookie and
>> Session Token Manipulation)
>> (new: M.Meucci) 4.7.4. Testing for Session Fixation
>> (new: A. Coronel) 4.8.1 Testing for Reflected Cross Site Scripting
>> (new: A.Agarwwal, Kuza55) 4.8.3 Testing for DOM based Cross Site Scripting
>> (new: A.Agarwwal) 4.8.4 Testing for Cross Site Flashing
>> (toimp: B.Damele) 4.8.5 Testing for SQL Injection
>> On 30th June all the articles will be reviewed for the beginning of the first
>> phase of reviewing.
>> Please, if you have a draft, publish it on the wiki so we can share
>> our thoughts and update it.
>> If you have any problems reaching the goal, please drop me a line.
OWASP-Italy Chair, CISSP, CISA
OWASP Testing Guide lead