[Owasp-testing] Testing Guide V4 - Start up

Matteo Meucci matteo.meucci at owasp.org
Thu Aug 30 21:11:41 UTC 2012


Hi Amro,
good question related to the tools. Here we have to update many references.

Usually at the end of each article we suggest to use a particular open
source tool to perform the test. I think we can use and suggest both the
tools in many situations.
Also the Appendix A "Testing Tools" should pick all the testing tools
cited in the Testing Guide and give more details.

Thanks,
Mat

On 08/30/2012 10:58 PM, Amro wrote:
> Please count me in as well .. Are we gonna use ZAP instead of WebScarab in the new version?  
> 
> Regards,
> Amro 
> Sent from BlackBerry®. Excuse typo's and brevity.
> 
> -----Original Message-----
> From: Matteo Meucci <matteo.meucci at owasp.org>
> Sender: owasp-testing-bounces at lists.owasp.org
> Date: Thu, 30 Aug 2012 17:40:29 
> To: <owasp-testing at lists.owasp.org>
> Subject: [Owasp-testing] Testing Guide V4 - Start up
> 
> Hi all Testing Guide contributors.
> 
> Testing Guide v4 has been approved as Projects Reboot 2012!
> https://www.owasp.org/index.php/Projects_Reboot_2012
> 
> Here is the list of contributors I've collected:
> 
> Pavol Luptak
> Marco Morana
> Giorgio Fedon
> Stefano Di Paola
> Gianrico Ingrosso
> Giuseppe Bonfà
> Roberto Suggi Liverani
> Robert Smith
> Andrew Muller
> Robert Winkel
> tripurari rai
> Thomas Ryan
> tim bertels
> Cecil Su
> Aung KhAnt
> Norbert Szetei
> michael.boman
> Wagner Elias
> Kevin Horvat
> Juan Galiana Lara
> Kenan Gursoy
> Jason Flood
> Javier Marcos de Prado
> Sumit Siddharth
> Mike Hryekewicz
> psiinon
> Ray Schippers
> Raul Siles
> Jayanta Karmakar
> Brad Causey
> Vicente Aguilera
> Ismael Gonçalves
> 
> Reviewers team:
> 
> Paolo Perego
> Daniel Cuthbert
> Matthew Churcher
> Lode Vanstechelman
> Sebastien Gioria
> 
> 
> Introduction and Project purpose for v4:
> ============================ =============
> The OWASP Testing Guide v3 includes a "best practice" penetration
> testing framework which users can implement in their own organizations
> and a "low level" penetration testing guide that describes techniques
> for testing most common web application and web service security
> issues. Nowadays the Testing Guide has become the standard to perform
> a Web Application Penetration Testing and many Companies all around
> the world have adopted it.
> It is vital for the project mantaining an updated project that
> represents the state of the art for WebAppSec.
> 
> Project Roadmap
> =============
> 
> - (1) 1st phase: Brainstorming and create a new table of contents
> 
> Objective: creating a new table of contents of the OTGv4
> assigning a task for each contributor.
> I created a new OWASP Testing Guide v4 table of Contents here:
> https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
> 
> - (2) 2nd phase:  Writing
> 20th September 2012: Start writing the articles
> 1st November 2012: 1st Draft
> 30th November: end of writing phase
> 
> - (3) 3rd phase: Reviewing
> 
> - 1st December 2012: Starting the review phase,
> - 15th December 2012: Create the RC1,
> - 31st January 2013: Release the version 4.
> 
> Timeline November 2012 1st Draft, January 2013 Final Release
> 
> So, let's start discussion about phase (1)!
> 
> Thanks!
> Mat
> 
> --
> Matteo Meucci
> OWASP Testing Guide Lead
> OWASP-Italy President
> 
> 
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
> 

-- 
--
Matteo Meucci
OWASP Testing Guide Lead
OWASP Italy President


More information about the Owasp-testing mailing list