[Owasp-testing] Testing Guide V4 - Start up

Matteo Meucci matteo.meucci at owasp.org
Thu Aug 30 21:01:51 UTC 2012


Perfect,
thanks.

Yes we have to come with something new from v3. The v3 is the base for
the v4 but we have to review/update/cut all the contents and add new
contents.

Mat

On 08/30/2012 10:55 PM, Harword Sheen wrote:
> Hi Mat and all
> 
> I'd also like to contribute.
> 
> As far as ToC concerned,
> -Do we need to come up with something new from v3?
> 
> 
> On Aug 30, 2012, at 13:44, Matteo Meucci <matteo.meucci at owasp.org> wrote:
> 
>> Hi Brad,
>> that's ok we are a team!
>>
>> My idea is also to contact the authors of the new testing techniques
>> asking for their contributes.
>>
>> So for example I wish that for HTTP Verb Tampering, Arshan could help
>> and for HTTP Parameter pollution, Stefano and Luca can give us the
>> better contents.
>>
>> Thanks!
>> Mat
>>
>> On 08/30/2012 10:39 PM, Brad Causey wrote:
>>> I added myself in on a few topics where I felt I could contribute the
>>> most. Not sure if that was the right thing to do or not.
>>>
>>> If not, I'll take whatever assignment you wish.
>>>
>>>
>>> -Brad Causey
>>> CISSP, MCSE, C|EH, CIFI, CGSP
>>>
>>> http://www.owasp.org
>>> --
>>> "Si vis pacem, para bellum"
>>> --
>>>
>>>
>>> On Thu, Aug 30, 2012 at 3:26 PM,  <simone.onofri at gmail.com> wrote:
>>>> Hi mat,
>>>>
>>>> Please consider also me!
>>>>
>>>> Ciao,
>>>> s.
>>>> -----Original Message-----
>>>> From: Matteo Meucci <matteo.meucci at owasp.org>
>>>> Sender: owasp-testing-bounces at lists.owasp.org
>>>> Date: Thu, 30 Aug 2012 22:18:07
>>>> To: Ismael Rocha<ismaelrocha.projetos at gmail.com>
>>>> Cc: <owasp-testing at lists.owasp.org>
>>>> Subject: Re: [Owasp-testing] Testing Guide V4 - Start up
>>>>
>>>> Hi Ismael,
>>>> that's great!
>>>>
>>>> ToC is a DRAFT now. We are at phase (1), we have to brainstorm now.
>>>>
>>>> Thanks,
>>>> Mat
>>>>
>>>>
>>>> On 08/30/2012 07:38 PM, Ismael Rocha wrote:
>>>>> Hello Matteo.
>>>>>
>>>>> I made a cross reference between Top Ten and Testing Guide for the
>>>>> Cheatsheet project Top Ten.
>>>>>
>>>>> https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet
>>>>>
>>>>> About the Table of Contents, is it the definitive one and we need only
>>>>> to assign the contribuitors or we are going to discuss the table of
>>>>> contents as well?
>>>>>
>>>>> Regards.
>>>>>
>>>>> Ismael Gonçalves
>>>>>
>>>>> On Thu, Aug 30, 2012 at 12:40 PM, Matteo Meucci <matteo.meucci at owasp.org
>>>>> <mailto:matteo.meucci at owasp.org>> wrote:
>>>>>
>>>>>    Hi all Testing Guide contributors.
>>>>>
>>>>>    Testing Guide v4 has been approved as Projects Reboot 2012!
>>>>>    https://www.owasp.org/index.php/Projects_Reboot_2012
>>>>>
>>>>>    Here is the list of contributors I've collected:
>>>>>
>>>>>    Pavol Luptak
>>>>>    Marco Morana
>>>>>    Giorgio Fedon
>>>>>    Stefano Di Paola
>>>>>    Gianrico Ingrosso
>>>>>    Giuseppe Bonfà
>>>>>    Roberto Suggi Liverani
>>>>>    Robert Smith
>>>>>    Andrew Muller
>>>>>    Robert Winkel
>>>>>    tripurari rai
>>>>>    Thomas Ryan
>>>>>    tim bertels
>>>>>    Cecil Su
>>>>>    Aung KhAnt
>>>>>    Norbert Szetei
>>>>>    michael.boman
>>>>>    Wagner Elias
>>>>>    Kevin Horvat
>>>>>    Juan Galiana Lara
>>>>>    Kenan Gursoy
>>>>>    Jason Flood
>>>>>    Javier Marcos de Prado
>>>>>    Sumit Siddharth
>>>>>    Mike Hryekewicz
>>>>>    psiinon
>>>>>    Ray Schippers
>>>>>    Raul Siles
>>>>>    Jayanta Karmakar
>>>>>    Brad Causey
>>>>>    Vicente Aguilera
>>>>>    Ismael Gonçalves
>>>>>
>>>>>    Reviewers team:
>>>>>
>>>>>    Paolo Perego
>>>>>    Daniel Cuthbert
>>>>>    Matthew Churcher
>>>>>    Lode Vanstechelman
>>>>>    Sebastien Gioria
>>>>>
>>>>>
>>>>>    Introduction and Project purpose for v4:
>>>>>    ============================ =============
>>>>>    The OWASP Testing Guide v3 includes a "best practice" penetration
>>>>>    testing framework which users can implement in their own organizations
>>>>>    and a "low level" penetration testing guide that describes techniques
>>>>>    for testing most common web application and web service security
>>>>>    issues. Nowadays the Testing Guide has become the standard to perform
>>>>>    a Web Application Penetration Testing and many Companies all around
>>>>>    the world have adopted it.
>>>>>    It is vital for the project mantaining an updated project that
>>>>>    represents the state of the art for WebAppSec.
>>>>>
>>>>>    Project Roadmap
>>>>>    =============
>>>>>
>>>>>    - (1) 1st phase: Brainstorming and create a new table of contents
>>>>>
>>>>>    Objective: creating a new table of contents of the OTGv4
>>>>>    assigning a task for each contributor.
>>>>>    I created a new OWASP Testing Guide v4 table of Contents here:
>>>>>    https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
>>>>>
>>>>>    - (2) 2nd phase:  Writing
>>>>>    20th September 2012: Start writing the articles
>>>>>    1st November 2012: 1st Draft
>>>>>    30th November: end of writing phase
>>>>>
>>>>>    - (3) 3rd phase: Reviewing
>>>>>
>>>>>    - 1st December 2012: Starting the review phase,
>>>>>    - 15th December 2012: Create the RC1,
>>>>>    - 31st January 2013: Release the version 4.
>>>>>
>>>>>    Timeline November 2012 1st Draft, January 2013 Final Release
>>>>>
>>>>>    So, let's start discussion about phase (1)!
>>>>>
>>>>>    Thanks!
>>>>>    Mat
>>>>>
>>>>>    --
>>>>>    Matteo Meucci
>>>>>    OWASP Testing Guide Lead
>>>>>    OWASP-Italy President
>>>>>
>>>>>
>>>>>    _______________________________________________
>>>>>    Owasp-testing mailing list
>>>>>    Owasp-testing at lists.owasp.org <mailto:Owasp-testing at lists.owasp.org>
>>>>>    https://lists.owasp.org/mailman/listinfo/owasp-testing
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Ismael Gonçalves
>>>>
>>>> --
>>>> --
>>>> Matteo Meucci
>>>> OWASP Testing Guide Lead
>>>> OWASP Italy President
>>>> _______________________________________________
>>>> Owasp-testing mailing list
>>>> Owasp-testing at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>>> _______________________________________________
>>>> Owasp-testing mailing list
>>>> Owasp-testing at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>
>> -- 
>> --
>> Matteo Meucci
>> OWASP Testing Guide Lead
>> OWASP Italy President
>> _______________________________________________
>> Owasp-testing mailing list
>> Owasp-testing at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-testing

-- 
--
Matteo Meucci
OWASP Testing Guide Lead
OWASP Italy President


More information about the Owasp-testing mailing list