[Owasp-testing] Testing Guide V4 - Start up

daniel cuthbert daniel.cuthbert at owasp.org
Sun Sep 2 18:46:53 UTC 2012


hey al

the original aim of the guide was to be as agnostic as possible with
regards to tools, leaving the tool choice up to the person doing the
test. Where possible, however, we should use readily available tools
that aren't of commercial nature. I love what the ZAP team are doing,
it's a great tool and readily available/updated, so in this case it
would work out well.

On 30 August 2012 21:58, Amro <amro at owasp.org> wrote:
> Please count me in as well .. Are we gonna use ZAP instead of WebScarab in the new version?
>
> Regards,
> Amro
> Sent from BlackBerry®. Excuse typo's and brevity.
>
> -----Original Message-----
> From: Matteo Meucci <matteo.meucci at owasp.org>
> Sender: owasp-testing-bounces at lists.owasp.org
> Date: Thu, 30 Aug 2012 17:40:29
> To: <owasp-testing at lists.owasp.org>
> Subject: [Owasp-testing] Testing Guide V4 - Start up
>
> Hi all Testing Guide contributors.
>
> Testing Guide v4 has been approved as Projects Reboot 2012!
> https://www.owasp.org/index.php/Projects_Reboot_2012
>
> Here is the list of contributors I've collected:
>
> Pavol Luptak
> Marco Morana
> Giorgio Fedon
> Stefano Di Paola
> Gianrico Ingrosso
> Giuseppe Bonfà
> Roberto Suggi Liverani
> Robert Smith
> Andrew Muller
> Robert Winkel
> tripurari rai
> Thomas Ryan
> tim bertels
> Cecil Su
> Aung KhAnt
> Norbert Szetei
> michael.boman
> Wagner Elias
> Kevin Horvat
> Juan Galiana Lara
> Kenan Gursoy
> Jason Flood
> Javier Marcos de Prado
> Sumit Siddharth
> Mike Hryekewicz
> psiinon
> Ray Schippers
> Raul Siles
> Jayanta Karmakar
> Brad Causey
> Vicente Aguilera
> Ismael Gonçalves
>
> Reviewers team:
>
> Paolo Perego
> Daniel Cuthbert
> Matthew Churcher
> Lode Vanstechelman
> Sebastien Gioria
>
>
> Introduction and Project purpose for v4:
> ============================ =============
> The OWASP Testing Guide v3 includes a "best practice" penetration
> testing framework which users can implement in their own organizations
> and a "low level" penetration testing guide that describes techniques
> for testing most common web application and web service security
> issues. Nowadays the Testing Guide has become the standard to perform
> a Web Application Penetration Testing and many Companies all around
> the world have adopted it.
> It is vital for the project mantaining an updated project that
> represents the state of the art for WebAppSec.
>
> Project Roadmap
> =============
>
> - (1) 1st phase: Brainstorming and create a new table of contents
>
> Objective: creating a new table of contents of the OTGv4
> assigning a task for each contributor.
> I created a new OWASP Testing Guide v4 table of Contents here:
> https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
>
> - (2) 2nd phase:  Writing
> 20th September 2012: Start writing the articles
> 1st November 2012: 1st Draft
> 30th November: end of writing phase
>
> - (3) 3rd phase: Reviewing
>
> - 1st December 2012: Starting the review phase,
> - 15th December 2012: Create the RC1,
> - 31st January 2013: Release the version 4.
>
> Timeline November 2012 1st Draft, January 2013 Final Release
>
> So, let's start discussion about phase (1)!
>
> Thanks!
> Mat
>
> --
> Matteo Meucci
> OWASP Testing Guide Lead
> OWASP-Italy President
>
>
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing


More information about the Owasp-testing mailing list