[Owasp-testing] any plan to integrate WS-attacks.org on the v4 ?

Matteo Meucci matteo.meucci at owasp.org
Mon Jul 11 10:58:49 EDT 2011


Hi Tom,
that's perfect!
Yes, we have to discuss on how to create a suitable content for the
testing guide v4 given all your inputs.

Thanks,
Mat


Il 11/07/2011 16:42, Tom A. Eston ha scritto:
>
> Just so everyone on this list is aware of changes to the web services
> section...
>
>  
>
> I contacted Matteo about a month ago letting him know about a new web
> service testing methodology being released at Black Hat USA by myself,
> Kevin Johnson and Josh Abraham.  We are going to contribute this
> methodology back to the OWASP testing guide to be used in version 4. 
> This revised methodology also includes all attacks mentioned in the
> WS-attacks.org site as well.  We will be posting the methodology to
> the list for comment in the next few weeks as we are making some
> additional tweaks for the white paper.
>
>  
>
> I'd also like to reach out to Andreas Falkenberg who created
> WS-Attacks.org about simply porting this content over to the OWASP
> project wiki as it's already in a wiki format.  That way we don't have
> to link back to the various attacks that are detailed on his site. 
> His work is a perfect addition to the testing guide so it would be
> great to have this integrated in one location.
>
>  
>
>  
>
> Tom Eston | Senior Consultant | *SecureState *
>
> 216.927.8200 - office| 216.927.8266 - direct | 440.670.3798 - mobile
>
>  
>
>  
>
>  
>
> *From:*Sebastien Gioria [mailto:sebastien.gioria at owasp.org]
> *Sent:* Monday, July 11, 2011 10:12 AM
> *To:* owasp-testing at lists.owasp.org
> *Cc:* Matteo Meucci
> *Subject:* [Owasp-testing] any plan to integrate WS-attacks.org on the
> v4 ?
>
>  
>
> I think it could be a good start for webservices in the new guide....
>
>  
>
>  
>
>  
>
> ---
> Sebastien GIORIA  - sebastien.gioria at owasp.org
> <mailto:sebastien.gioria at owasp.org>
>
> French OWASP Co-Leader
>
> OWASP Global Education Committee Member
>
> GSM: +33 (0)6 23 04 00 51
>
>  
>
> ------------------------------------------------------------------------
>
> ********************************************************************************************
> This email, and any attachments sent with it, are confidential property of
> SecureState and are intended solely for the use of the individual to
> whom it is
> addressed. Anyone who attempts to view, modify or replicate this email
> in any
> way will be prosecuted to the fullest extent of the law. If you are
> not an intended
> recipient, you may not review, copy or distribute this message. If you
> have
> received this communication in error please notify the sender
> immediately by
> replying to this e-mail and delete the original message. Please
> contact the
> sender if you believe you have received this email in error.
> ********************************************************************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20110711/0e0f5bba/attachment-0001.html 


More information about the Owasp-testing mailing list