[Owasp-testing] Testing Guide v4: 2nd phase: Writing

Tom A. Eston teston at securestate.com
Fri Oct 12 18:26:28 UTC 2012


Matteo,

I can write the Web Service Testing section (XML Interpreter). However, as part of the web service testing methodology I assisted on for Black Hat USA last year, there are other items to include besides how to exploit the areas listed in the XML Interpreter section. For example, I'd like to include items specific to information gathering and web services and testing for web service management misconfigurations (example: Axis2 or GlassFish). These two sections could be added to sections 4.2 and 4.3 respectively. BPEL testing should also be added to the XML Interpreter section. Also, can we reference the section "XML Interpreter" as "Web Services" instead? Or could you name it "XML Interpreter (Web Services)" for context clarification and for ease of reference?

Thanks,

Tom Eston | Manager, Profiling & Penetration Team | SecureState 
216.927.8200 - office| 216.927.8266 - direct | 440.670.3798 - mobile


-----Original Message-----
From: Matteo Meucci [mailto:matteo.meucci at owasp.org] 
Sent: Tuesday, October 09, 2012 11:37 AM
To: owasp-testing at lists.owasp.org
Subject: [Owasp-testing] Testing Guide v4: 2nd phase: Writing

Hi all,
I've reviewed the ToC and added a new paragraph for each new issue to write.
https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents#4._Web_Application_Penetration_Testing

For example, a new article will look like this:
https://www.owasp.org/index.php/Testing_for_HTTP_Parameter_pollution_%28OWASP-DV-004%29

Regarding the set of articles to review, I linked the v3 articles with the idea of modifying them.
For example:
https://www.owasp.org/index.php/Testing_for_Reflected_Cross_site_scripting_%28OWASP-DV-001%29

So from now on the wiki will be our draft for v4, and v3 will be available only via PDF.

Many of you are not assigned to an article.
Please, from now on, tell me which section you would like to write. We have to assign all the articles in the next few days.

Feedback: The ToC is 90% complete; please send me your feedback about the new ToC and my notes in the ToC.

Now we can start writing!
Please keep me updated (I monitor all the changes on the wiki). Use the ml for general discussion and my email for specific issues.

Thanks,
Mat


--
Matteo Meucci
OWASP Testing Guide Lead
OWASP Italy President