[Owasp-testing] any plan to integrate WS-attacks.org on the v4 ?

Tom A. Eston teston at securestate.com
Mon Jul 11 10:42:48 EDT 2011

Just so everyone on this list is aware of changes to the web services section...

I contacted Matteo about a month ago letting him know about a new web service testing methodology being released at Black Hat USA by myself, Kevin Johnson and Josh Abraham.  We are going to contribute this methodology back to the OWASP testing guide to be used in version 4.  This revised methodology also includes all attacks mentioned in the WS-attacks.org site as well.  We will be posting the methodology to the list for comment in the next few weeks as we are making some additional tweaks for the white paper.

I'd also like to reach out to Andreas Falkenberg who created WS-Attacks.org about simply porting this content over to the OWASP project wiki as it's already in a wiki format.  That way we don't have to link back to the various attacks that are detailed on his site.  His work is a perfect addition to the testing guide so it would be great to have this integrated in one location.

Tom Eston | Senior Consultant | SecureState
216.927.8200 - office| 216.927.8266 - direct | 440.670.3798 - mobile

From: Sebastien Gioria [mailto:sebastien.gioria at owasp.org]
Sent: Monday, July 11, 2011 10:12 AM
To: owasp-testing at lists.owasp.org
Cc: Matteo Meucci
Subject: [Owasp-testing] any plan to integrate WS-attacks.org on the v4 ?

I think it could be a good start for webservices in the new guide....

Sebastien GIORIA  - sebastien.gioria at owasp.org<mailto:sebastien.gioria at owasp.org>
French OWASP Co-Leader
OWASP Global Education Committee Member
GSM: +33 (0)6 23 04 00 51

This email, and any attachments sent with it, are confidential property of
SecureState and are intended solely for the use of the individual to whom it is
addressed. Anyone who attempts to view, modify or replicate this email in any
way will be prosecuted to the fullest extent of the law. If you are not an intended
recipient, you may not review, copy or distribute this message. If you have
received this communication in error please notify the sender immediately by
replying to this e-mail and delete the original message. Please contact the
sender if you believe you have received this email in error.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20110711/5d6f38f2/attachment.html 

More information about the Owasp-testing mailing list