[Owasp-testing] any plan to integrate WS-attacks.org on the v4 ?

Eoin eoin.keary at owasp.org
Mon Jul 11 12:42:50 EDT 2011


Great news, the ws security was based on some work I did with "Vordel" back in 2007 and needs some updating to be polite ;)
-ek



 

On 11 Jul 2011, at 15:42, "Tom A. Eston" <teston at securestate.com> wrote:

> Just so everyone on this list is aware of changes to the web services section…
> 
>  
> 
> I contacted Matteo about a month ago letting him know about a new web service testing methodology being released at Black Hat USA by myself, Kevin Johnson and Josh Abraham.  We are going to contribute this methodology back to the OWASP testing guide to be used in version 4.  This revised methodology also includes all attacks mentioned in the WS-attacks.org site as well.  We will be posting the methodology to the list for comment in the next few weeks as we are making some additional tweaks for the white paper.
> 
>  
> 
> I’d also like to reach out to Andreas Falkenberg who created WS-Attacks.org about simply porting this content over to the OWASP project wiki as it’s already in a wiki format.  That way we don’t have to link back to the various attacks that are detailed on his site.  His work is a perfect addition to the testing guide so it would be great to have this integrated in one location.
> 
>  
> 
>  
> 
> Tom Eston | Senior Consultant | SecureState
> 
> 216.927.8200 - office| 216.927.8266 - direct | 440.670.3798 - mobile
> 
>  
> 
>  
> 
>  
> 
> From: Sebastien Gioria [mailto:sebastien.gioria at owasp.org] 
> Sent: Monday, July 11, 2011 10:12 AM
> To: owasp-testing at lists.owasp.org
> Cc: Matteo Meucci
> Subject: [Owasp-testing] any plan to integrate WS-attacks.org on the v4 ?
> 
>  
> 
> I think it could be a good start for webservices in the new guide....
> 
>  
> 
>  
> 
>  
> 
> ---
> Sebastien GIORIA  - sebastien.gioria at owasp.org
> 
> French OWASP Co-Leader
> 
> OWASP Global Education Committee Member
> 
> GSM: +33 (0)6 23 04 00 51
> 
>  
> 
> ********************************************************************************************
> This email, and any attachments sent with it, are confidential property of
> SecureState and are intended solely for the use of the individual to whom it is
> addressed. Anyone who attempts to view, modify or replicate this email in any
> way will be prosecuted to the fullest extent of the law. If you are not an intended
> recipient, you may not review, copy or distribute this message. If you have
> received this communication in error please notify the sender immediately by
> replying to this e-mail and delete the original message. Please contact the
> sender if you believe you have received this email in error.
> ********************************************************************************************
> 
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20110711/1da30235/attachment.html 


More information about the Owasp-testing mailing list