[Owasp-testing] OWASP Testing Guide v3: status - 28th June

Matteo Meucci matteo.meucci at gmail.com
Mon Jun 30 08:26:21 EDT 2008

that a great idea.
I'm adding that.

Thank you.

On Sun, Jun 29, 2008 at 3:40 AM, kevin horvath <kevin.horvath at gmail.com> wrote:
> Thanks for the work you have put in so far Mat!  If you get a chance
> could you add to the discussion portion of each article for what needs
> to be changed or modified to bring it to 100%.  Thanks.
> Kevin
> On Sat, Jun 28, 2008 at 4:39 PM, Matteo Meucci <matteo.meucci at gmail.com> wrote:
>> Hi all,
>> I've just written/updated and reviewed some articles, thank you for your effort!
>> Here is the list of the articles and the related status (100% means
>> article ready to be reviewed):
>> https://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Contents
>> Tell me if I have forgotten something.
>> Here is the project roadmap updated:
>> https://www.owasp.org/index.php/OWASP_Testing_Project_v3_Roadmap
>> Many articles should still be written (and many are still to be
>> assigned), here is the list:
>> (toimp: B.Damele) 4.2 Information Gathering
>> (new:C.Heinrich)4.2.1 Spiders, Robots and Crawlers
>> (new:C.Heinrich)4.2.2 Search Engine Discovery/Reconnaissance
>> 4.2.3 (toimp) Testing for Web Application Fingerprint
>> (toimp)4.2.5 Analysis of Error Codes
>> (new) 4.3 Configuration Management Testing
>> (toimp) 4.3.1 SSL/TLS Testing (SSL Version, Alghoritms, Key lenght,
>> Digital Cert. Validity
>> (toimp) 4.3.3 Application Configuration Management Testing
>> (new) 4.3.4 Testing for misconfiguration
>> (new) 4.3.7 Infrastructure and Application Admin Interfaces
>> (toimp M.Meucci) 4.5 Authentication Testing
>> (new: G.Ingrosso) 4.5.1 Credentials transport over an encrypted channel
>> (new: M.Meucci)  4.5.2 Testing for user enumeration
>> (new) 4.7.2 Test the token strength (old 4.5.2 Testing for Cookie and
>> Session Token Manipulation)
>> (new: M.Meucci) 4.7.4. Testing for Session Fixation
>> (new: A. Coronel)4.8.1 Testing for Reflected Cross Site Scripting
>> (new: A.Agarwwal, Kuza55) 4.8.3 Testing for DOM based Cross Site Scripting
>> (new: A.Agarwwal)4.8.4 Testing for Cross Site Flashing
>> (toimp: B.Damele) 4.8.5 Testing for SQL Injection
>> 30th June all the articles will be reviewed for the begin of the first
>> phase of reviewing.
>> Please, if you have some draft, publish it on the wiki so we can share
>> our thought and update it.
>> If you have some problems to reach the goal, please drop me a line.
>> Thanks!
>> Mat
>> _______________________________________________
>> Owasp-testing mailing list
>> Owasp-testing at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-testing

Matteo Meucci
OWASP Testing Guide lead

More information about the Owasp-testing mailing list