[Owasp-testing] Testing Guide V4 - Start up

Brad Causey bradcausey at gmail.com
Thu Aug 30 20:47:10 UTC 2012


Excellent, thanks!

-Brad Causey
CISSP, MCSE, C|EH, CIFI, CGSP

http://www.owasp.org
--
"Si vis pacem, para bellum"
--


On Thu, Aug 30, 2012 at 3:44 PM, Matteo Meucci <matteo.meucci at owasp.org> wrote:
> Hi Brad,
> that's ok we are a team!
>
> My idea is also to contact the authors of the new testing techniques
> asking for their contributes.
>
> So for example I wish that for HTTP Verb Tampering, Arshan could help
> and for HTTP Parameter pollution, Stefano and Luca can give us the
> better contents.
>
> Thanks!
> Mat
>
> On 08/30/2012 10:39 PM, Brad Causey wrote:
>> I added myself in on a few topics where I felt I could contribute the
>> most. Not sure if that was the right thing to do or not.
>>
>> If not, I'll take whatever assignment you wish.
>>
>>
>> -Brad Causey
>> CISSP, MCSE, C|EH, CIFI, CGSP
>>
>> http://www.owasp.org
>> --
>> "Si vis pacem, para bellum"
>> --
>>
>>
>> On Thu, Aug 30, 2012 at 3:26 PM,  <simone.onofri at gmail.com> wrote:
>>> Hi mat,
>>>
>>> Please consider also me!
>>>
>>> Ciao,
>>> s.
>>> -----Original Message-----
>>> From: Matteo Meucci <matteo.meucci at owasp.org>
>>> Sender: owasp-testing-bounces at lists.owasp.org
>>> Date: Thu, 30 Aug 2012 22:18:07
>>> To: Ismael Rocha<ismaelrocha.projetos at gmail.com>
>>> Cc: <owasp-testing at lists.owasp.org>
>>> Subject: Re: [Owasp-testing] Testing Guide V4 - Start up
>>>
>>> Hi Ismael,
>>> that's great!
>>>
>>> ToC is a DRAFT now. We are at phase (1), we have to brainstorm now.
>>>
>>> Thanks,
>>> Mat
>>>
>>>
>>> On 08/30/2012 07:38 PM, Ismael Rocha wrote:
>>>> Hello Matteo.
>>>>
>>>> I made a cross reference between Top Ten and Testing Guide for the
>>>> Cheatsheet project Top Ten.
>>>>
>>>> https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet
>>>>
>>>> About the Table of Contents, is it the definitive one and we need only
>>>> to assign the contribuitors or we are going to discuss the table of
>>>> contents as well?
>>>>
>>>> Regards.
>>>>
>>>> Ismael Gonçalves
>>>>
>>>> On Thu, Aug 30, 2012 at 12:40 PM, Matteo Meucci <matteo.meucci at owasp.org
>>>> <mailto:matteo.meucci at owasp.org>> wrote:
>>>>
>>>>     Hi all Testing Guide contributors.
>>>>
>>>>     Testing Guide v4 has been approved as Projects Reboot 2012!
>>>>     https://www.owasp.org/index.php/Projects_Reboot_2012
>>>>
>>>>     Here is the list of contributors I've collected:
>>>>
>>>>     Pavol Luptak
>>>>     Marco Morana
>>>>     Giorgio Fedon
>>>>     Stefano Di Paola
>>>>     Gianrico Ingrosso
>>>>     Giuseppe Bonfà
>>>>     Roberto Suggi Liverani
>>>>     Robert Smith
>>>>     Andrew Muller
>>>>     Robert Winkel
>>>>     tripurari rai
>>>>     Thomas Ryan
>>>>     tim bertels
>>>>     Cecil Su
>>>>     Aung KhAnt
>>>>     Norbert Szetei
>>>>     michael.boman
>>>>     Wagner Elias
>>>>     Kevin Horvat
>>>>     Juan Galiana Lara
>>>>     Kenan Gursoy
>>>>     Jason Flood
>>>>     Javier Marcos de Prado
>>>>     Sumit Siddharth
>>>>     Mike Hryekewicz
>>>>     psiinon
>>>>     Ray Schippers
>>>>     Raul Siles
>>>>     Jayanta Karmakar
>>>>     Brad Causey
>>>>     Vicente Aguilera
>>>>     Ismael Gonçalves
>>>>
>>>>     Reviewers team:
>>>>
>>>>     Paolo Perego
>>>>     Daniel Cuthbert
>>>>     Matthew Churcher
>>>>     Lode Vanstechelman
>>>>     Sebastien Gioria
>>>>
>>>>
>>>>     Introduction and Project purpose for v4:
>>>>     ============================ =============
>>>>     The OWASP Testing Guide v3 includes a "best practice" penetration
>>>>     testing framework which users can implement in their own organizations
>>>>     and a "low level" penetration testing guide that describes techniques
>>>>     for testing most common web application and web service security
>>>>     issues. Nowadays the Testing Guide has become the standard to perform
>>>>     a Web Application Penetration Testing and many Companies all around
>>>>     the world have adopted it.
>>>>     It is vital for the project mantaining an updated project that
>>>>     represents the state of the art for WebAppSec.
>>>>
>>>>     Project Roadmap
>>>>     =============
>>>>
>>>>     - (1) 1st phase: Brainstorming and create a new table of contents
>>>>
>>>>     Objective: creating a new table of contents of the OTGv4
>>>>     assigning a task for each contributor.
>>>>     I created a new OWASP Testing Guide v4 table of Contents here:
>>>>     https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
>>>>
>>>>     - (2) 2nd phase:  Writing
>>>>     20th September 2012: Start writing the articles
>>>>     1st November 2012: 1st Draft
>>>>     30th November: end of writing phase
>>>>
>>>>     - (3) 3rd phase: Reviewing
>>>>
>>>>     - 1st December 2012: Starting the review phase,
>>>>     - 15th December 2012: Create the RC1,
>>>>     - 31st January 2013: Release the version 4.
>>>>
>>>>     Timeline November 2012 1st Draft, January 2013 Final Release
>>>>
>>>>     So, let's start discussion about phase (1)!
>>>>
>>>>     Thanks!
>>>>     Mat
>>>>
>>>>     --
>>>>     Matteo Meucci
>>>>     OWASP Testing Guide Lead
>>>>     OWASP-Italy President
>>>>
>>>>
>>>>     _______________________________________________
>>>>     Owasp-testing mailing list
>>>>     Owasp-testing at lists.owasp.org <mailto:Owasp-testing at lists.owasp.org>
>>>>     https://lists.owasp.org/mailman/listinfo/owasp-testing
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Ismael Gonçalves
>>>
>>> --
>>> --
>>> Matteo Meucci
>>> OWASP Testing Guide Lead
>>> OWASP Italy President
>>> _______________________________________________
>>> Owasp-testing mailing list
>>> Owasp-testing at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>> _______________________________________________
>>> Owasp-testing mailing list
>>> Owasp-testing at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>
> --
> --
> Matteo Meucci
> OWASP Testing Guide Lead
> OWASP Italy President


More information about the Owasp-testing mailing list