[Owasp-testing] Testing Guide V4 - Start up

Juan Galiana jgaliana at owasp.org
Mon Sep 3 08:23:42 UTC 2012



Hi,

The contents of the TG are organized based on types of vulnerabilities
and are not feature oriented, so we have to think about the best way to
add this new content regarding HTML5 (and mobile).
As I can see in the new table of contents[1], the section for Ajax
Testing is not there anymore, but there is a new "Client Side Testing
(New!)". Is this the best place?
Another approach would be to review the different sections and update
them with the bits that have changed. For example, in the case of CORS,
if the URLs passed to XMLHttpRequest.open are not validated, that can
lead to code injection, so there is the option to review each
appropriate section (for example, in this case, XSS) and add the
specific content for the new features.


[1]
https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents



Juan Galiana
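
The validation of URLs passed to XMLHttpRequest.open that the message above refers to, as an added example that is not part of the original post. The allowlisted origins, the page URL and the function names are assumptions made for illustration.

```javascript
// Added example with constructed values; not from the original message.
// ALLOWED_ORIGINS is an assumed allowlist for a hypothetical application.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.test",
  "https://api.example.test",
]);

// Resolve `candidate` against the page URL with the URL parser, so that
// relative and protocol-relative forms are judged by the origin they
// actually resolve to. Returns the normalized URL string, or null.
function safeXhrUrl(candidate, pageUrl) {
  if (typeof candidate !== "string") return null;
  let resolved;
  try {
    resolved = new URL(candidate, pageUrl);
  } catch (e) {
    return null; // unparsable input is rejected, not repaired
  }
  // Only https; this also rejects javascript:, data:, file: and similar.
  if (resolved.protocol !== "https:") return null;
  // Embedded credentials can disguise the real host (user@host).
  if (resolved.username || resolved.password) return null;
  // With CORS a cross-origin response is readable, so the origin must be
  // one the page is prepared to trust before its content is used.
  if (!ALLOWED_ORIGINS.has(resolved.origin)) return null;
  return resolved.href;
}

// Wrapper around xhr.open that refuses any URL failing the check above.
// `xhr` is any object with an XMLHttpRequest-style open(method, url, async).
function openValidated(xhr, method, candidate, pageUrl) {
  const url = safeXhrUrl(candidate, pageUrl);
  if (url === null) {
    throw new Error("refusing XHR to non-allowlisted URL");
  }
  xhr.open(method, url, true);
  return url;
}
```

In a browser, `candidate` would typically come from an untrusted source such as `location.hash`, and `pageUrl` from `location.href`.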

