[Owasp-testing] Testing Guide V4 - Start up

Harword Sheen hardword.sheen at gmail.com
Thu Aug 30 20:55:46 UTC 2012


Hi Mat and all

I'd also like to contribute.

As far as the ToC is concerned,
-Do we need to come up with something new from v3?


On Aug 30, 2012, at 13:44, Matteo Meucci <matteo.meucci at owasp.org> wrote:

> Hi Brad,
> that's ok we are a team!
> 
> My idea is also to contact the authors of the new testing techniques
> asking for their contributions.
> 
> So for example I wish that for HTTP Verb Tampering, Arshan could help
> and for HTTP Parameter pollution, Stefano and Luca can give us the
> better contents.
> 
> Thanks!
> Mat
> 
> On 08/30/2012 10:39 PM, Brad Causey wrote:
>> I added myself in on a few topics where I felt I could contribute the
>> most. Not sure if that was the right thing to do or not.
>> 
>> If not, I'll take whatever assignment you wish.
>> 
>> 
>> -Brad Causey
>> CISSP, MCSE, C|EH, CIFI, CGSP
>> 
>> http://www.owasp.org
>> --
>> "Si vis pacem, para bellum"
>> --
>> 
>> 
>> On Thu, Aug 30, 2012 at 3:26 PM,  <simone.onofri at gmail.com> wrote:
>>> Hi mat,
>>> 
>>> Please consider also me!
>>> 
>>> Ciao,
>>> s.
>>> -----Original Message-----
>>> From: Matteo Meucci <matteo.meucci at owasp.org>
>>> Sender: owasp-testing-bounces at lists.owasp.org
>>> Date: Thu, 30 Aug 2012 22:18:07
>>> To: Ismael Rocha<ismaelrocha.projetos at gmail.com>
>>> Cc: <owasp-testing at lists.owasp.org>
>>> Subject: Re: [Owasp-testing] Testing Guide V4 - Start up
>>> 
>>> Hi Ismael,
>>> that's great!
>>> 
>>> ToC is a DRAFT now. We are at phase (1), we have to brainstorm now.
>>> 
>>> Thanks,
>>> Mat
>>> 
>>> 
>>> On 08/30/2012 07:38 PM, Ismael Rocha wrote:
>>>> Hello Matteo.
>>>> 
>>>> I made a cross reference between Top Ten and Testing Guide for the
>>>> Cheatsheet project Top Ten.
>>>> 
>>>> https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet
>>>> 
>>>> About the Table of Contents, is it the definitive one and we need only
>>>> to assign the contributors or we are going to discuss the table of
>>>> contents as well?
>>>> 
>>>> Regards.
>>>> 
>>>> Ismael Gonçalves
>>>> 
>>>> On Thu, Aug 30, 2012 at 12:40 PM, Matteo Meucci <matteo.meucci at owasp.org> wrote:
>>>> 
>>>>    Hi all Testing Guide contributors.
>>>> 
>>>>    Testing Guide v4 has been approved as Projects Reboot 2012!
>>>>    https://www.owasp.org/index.php/Projects_Reboot_2012
>>>> 
>>>>    Here is the list of contributors I've collected:
>>>> 
>>>>    Pavol Luptak
>>>>    Marco Morana
>>>>    Giorgio Fedon
>>>>    Stefano Di Paola
>>>>    Gianrico Ingrosso
>>>>    Giuseppe Bonfà
>>>>    Roberto Suggi Liverani
>>>>    Robert Smith
>>>>    Andrew Muller
>>>>    Robert Winkel
>>>>    tripurari rai
>>>>    Thomas Ryan
>>>>    tim bertels
>>>>    Cecil Su
>>>>    Aung KhAnt
>>>>    Norbert Szetei
>>>>    michael.boman
>>>>    Wagner Elias
>>>>    Kevin Horvat
>>>>    Juan Galiana Lara
>>>>    Kenan Gursoy
>>>>    Jason Flood
>>>>    Javier Marcos de Prado
>>>>    Sumit Siddharth
>>>>    Mike Hryekewicz
>>>>    psiinon
>>>>    Ray Schippers
>>>>    Raul Siles
>>>>    Jayanta Karmakar
>>>>    Brad Causey
>>>>    Vicente Aguilera
>>>>    Ismael Gonçalves
>>>> 
>>>>    Reviewers team:
>>>> 
>>>>    Paolo Perego
>>>>    Daniel Cuthbert
>>>>    Matthew Churcher
>>>>    Lode Vanstechelman
>>>>    Sebastien Gioria
>>>> 
>>>> 
>>>>    Introduction and Project purpose for v4:
>>>>    ========================================
>>>>    The OWASP Testing Guide v3 includes a "best practice" penetration
>>>>    testing framework which users can implement in their own organizations
>>>>    and a "low level" penetration testing guide that describes techniques
>>>>    for testing most common web application and web service security
>>>>    issues. Nowadays the Testing Guide has become the standard to perform
>>>>    a Web Application Penetration Testing and many Companies all around
>>>>    the world have adopted it.
>>>>    It is vital for the project maintaining an updated project that
>>>>    represents the state of the art for WebAppSec.
>>>> 
>>>>    Project Roadmap
>>>>    =============
>>>> 
>>>>    - (1) 1st phase: Brainstorming and create a new table of contents
>>>> 
>>>>    Objective: creating a new table of contents of the OTGv4
>>>>    assigning a task for each contributor.
>>>>    I created a new OWASP Testing Guide v4 table of Contents here:
>>>>    https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
>>>> 
>>>>    - (2) 2nd phase:  Writing
>>>>    20th September 2012: Start writing the articles
>>>>    1st November 2012: 1st Draft
>>>>    30th November: end of writing phase
>>>> 
>>>>    - (3) 3rd phase: Reviewing
>>>> 
>>>>    - 1st December 2012: Starting the review phase,
>>>>    - 15th December 2012: Create the RC1,
>>>>    - 31st January 2013: Release the version 4.
>>>> 
>>>>    Timeline November 2012 1st Draft, January 2013 Final Release
>>>> 
>>>>    So, let's start discussion about phase (1)!
>>>> 
>>>>    Thanks!
>>>>    Mat
>>>> 
>>>>    --
>>>>    Matteo Meucci
>>>>    OWASP Testing Guide Lead
>>>>    OWASP-Italy President
>>>> 
>>>> 
>>>>    _______________________________________________
>>>>    Owasp-testing mailing list
>>>>    Owasp-testing at lists.owasp.org
>>>>    https://lists.owasp.org/mailman/listinfo/owasp-testing
>>>> 
>>>> 
>>>> 
>>>> 
>>>> --
>>>> Ismael Gonçalves
>>> 
>>> --
>>> --
>>> Matteo Meucci
>>> OWASP Testing Guide Lead
>>> OWASP Italy President
> 
> -- 
> --
> Matteo Meucci
> OWASP Testing Guide Lead
> OWASP Italy President

