[Owasp-testing] Testing Guide V4 - Start up

Matteo Meucci matteo.meucci at owasp.org
Thu Aug 30 20:44:42 UTC 2012


Hi Brad,
that's ok we are a team!

My idea is also to contact the authors of the new testing techniques
asking for their contributes.

So for example I wish that for HTTP Verb Tampering, Arshan could help
and for HTTP Parameter pollution, Stefano and Luca can give us the
better contents.

Thanks!
Mat

On 08/30/2012 10:39 PM, Brad Causey wrote:
> I added myself in on a few topics where I felt I could contribute the
> most. Not sure if that was the right thing to do or not.
> 
> If not, I'll take whatever assignment you wish.
> 
> 
> -Brad Causey
> CISSP, MCSE, C|EH, CIFI, CGSP
> 
> http://www.owasp.org
> --
> "Si vis pacem, para bellum"
> --
> 
> 
> On Thu, Aug 30, 2012 at 3:26 PM,  <simone.onofri at gmail.com> wrote:
>> Hi mat,
>>
>> Please consider also me!
>>
>> Ciao,
>> s.
>> -----Original Message-----
>> From: Matteo Meucci <matteo.meucci at owasp.org>
>> Sender: owasp-testing-bounces at lists.owasp.org
>> Date: Thu, 30 Aug 2012 22:18:07
>> To: Ismael Rocha<ismaelrocha.projetos at gmail.com>
>> Cc: <owasp-testing at lists.owasp.org>
>> Subject: Re: [Owasp-testing] Testing Guide V4 - Start up
>>
>> Hi Ismael,
>> that's great!
>>
>> ToC is a DRAFT now. We are at phase (1), we have to brainstorm now.
>>
>> Thanks,
>> Mat
>>
>>
>> On 08/30/2012 07:38 PM, Ismael Rocha wrote:
>>> Hello Matteo.
>>>
>>> I made a cross reference between Top Ten and Testing Guide for the
>>> Cheatsheet project Top Ten.
>>>
>>> https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet
>>>
>>> About the Table of Contents, is it the definitive one and we need only
>>> to assign the contribuitors or we are going to discuss the table of
>>> contents as well?
>>>
>>> Regards.
>>>
>>> Ismael Gonçalves
>>>
>>> On Thu, Aug 30, 2012 at 12:40 PM, Matteo Meucci <matteo.meucci at owasp.org
>>> <mailto:matteo.meucci at owasp.org>> wrote:
>>>
>>>     Hi all Testing Guide contributors.
>>>
>>>     Testing Guide v4 has been approved as Projects Reboot 2012!
>>>     https://www.owasp.org/index.php/Projects_Reboot_2012
>>>
>>>     Here is the list of contributors I've collected:
>>>
>>>     Pavol Luptak
>>>     Marco Morana
>>>     Giorgio Fedon
>>>     Stefano Di Paola
>>>     Gianrico Ingrosso
>>>     Giuseppe Bonfà
>>>     Roberto Suggi Liverani
>>>     Robert Smith
>>>     Andrew Muller
>>>     Robert Winkel
>>>     tripurari rai
>>>     Thomas Ryan
>>>     tim bertels
>>>     Cecil Su
>>>     Aung KhAnt
>>>     Norbert Szetei
>>>     michael.boman
>>>     Wagner Elias
>>>     Kevin Horvat
>>>     Juan Galiana Lara
>>>     Kenan Gursoy
>>>     Jason Flood
>>>     Javier Marcos de Prado
>>>     Sumit Siddharth
>>>     Mike Hryekewicz
>>>     psiinon
>>>     Ray Schippers
>>>     Raul Siles
>>>     Jayanta Karmakar
>>>     Brad Causey
>>>     Vicente Aguilera
>>>     Ismael Gonçalves
>>>
>>>     Reviewers team:
>>>
>>>     Paolo Perego
>>>     Daniel Cuthbert
>>>     Matthew Churcher
>>>     Lode Vanstechelman
>>>     Sebastien Gioria
>>>
>>>
>>>     Introduction and Project purpose for v4:
>>>     ============================ =============
>>>     The OWASP Testing Guide v3 includes a "best practice" penetration
>>>     testing framework which users can implement in their own organizations
>>>     and a "low level" penetration testing guide that describes techniques
>>>     for testing most common web application and web service security
>>>     issues. Nowadays the Testing Guide has become the standard to perform
>>>     a Web Application Penetration Testing and many Companies all around
>>>     the world have adopted it.
>>>     It is vital for the project mantaining an updated project that
>>>     represents the state of the art for WebAppSec.
>>>
>>>     Project Roadmap
>>>     =============
>>>
>>>     - (1) 1st phase: Brainstorming and create a new table of contents
>>>
>>>     Objective: creating a new table of contents of the OTGv4
>>>     assigning a task for each contributor.
>>>     I created a new OWASP Testing Guide v4 table of Contents here:
>>>     https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
>>>
>>>     - (2) 2nd phase:  Writing
>>>     20th September 2012: Start writing the articles
>>>     1st November 2012: 1st Draft
>>>     30th November: end of writing phase
>>>
>>>     - (3) 3rd phase: Reviewing
>>>
>>>     - 1st December 2012: Starting the review phase,
>>>     - 15th December 2012: Create the RC1,
>>>     - 31st January 2013: Release the version 4.
>>>
>>>     Timeline November 2012 1st Draft, January 2013 Final Release
>>>
>>>     So, let's start discussion about phase (1)!
>>>
>>>     Thanks!
>>>     Mat
>>>
>>>     --
>>>     Matteo Meucci
>>>     OWASP Testing Guide Lead
>>>     OWASP-Italy President
>>>
>>>
>>>     _______________________________________________
>>>     Owasp-testing mailing list
>>>     Owasp-testing at lists.owasp.org <mailto:Owasp-testing at lists.owasp.org>
>>>     https://lists.owasp.org/mailman/listinfo/owasp-testing
>>>
>>>
>>>
>>>
>>> --
>>> Ismael Gonçalves
>>
>> --
>> --
>> Matteo Meucci
>> OWASP Testing Guide Lead
>> OWASP Italy President
>> _______________________________________________
>> Owasp-testing mailing list
>> Owasp-testing at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>> _______________________________________________
>> Owasp-testing mailing list
>> Owasp-testing at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-testing

-- 
--
Matteo Meucci
OWASP Testing Guide Lead
OWASP Italy President


More information about the Owasp-testing mailing list