[Owasp-testing] Testing Guide V4 - Start up

Eduardo Castellanos guayin at gmail.com
Tue Sep 4 02:58:33 UTC 2012


Hello,

What about a section for cryptographic attacks? Bad use of crypto functions
in general. (Hash Length Extension, etc.) or would that be outside the
scope of the guide?

Related links:

   - https://blog.whitehatsec.com/hash-length-extension-attacks/
   - https://www.owasp.org/index.php/Category:Cryptographic_Vulnerability
   - http://blogs.msdn.com/b/ace_team/archive/2008/11/13/vulnerabilities-due-to-improper-use-of-crypto-part-1.aspx


Eduardo Castellanos N.


On Mon, Sep 3, 2012 at 8:01 PM, Robert Winkel <
robert.winkel at saltbushgroup.com> wrote:

> I have taken the liberty of assigning myself against several of the
> Authentication Testing test cases.  I am happy to hand those over if
> someone is interested in being assigned to those instead.
>
> What happened to the Denial of Service test cases?
>
> Is there a template to adhere to when the writing stage begins?
>
> _______________________________________
> Robert “Bull” Winkel
> Director Saltbush Assurance
> email: robert.winkel at saltbushgroup.com
> http://www.linkedin.com/in/robertwinkel
>
>
> -----Original Message-----
> From: owasp-testing-bounces at lists.owasp.org
> [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Matteo Meucci
> Sent: Friday, 31 August 2012 1:40 AM
> To: owasp-testing at lists.owasp.org
> Subject: [Owasp-testing] Testing Guide V4 - Start up
>
> Hi all Testing Guide contributors.
>
> Testing Guide v4 has been approved as Projects Reboot 2012!
> https://www.owasp.org/index.php/Projects_Reboot_2012
>
> Here is the list of contributors I've collected:
>
> Pavol Luptak
> Marco Morana
> Giorgio Fedon
> Stefano Di Paola
> Gianrico Ingrosso
> Giuseppe Bonfà
> Roberto Suggi Liverani
> Robert Smith
> Andrew Muller
> Robert Winkel
> tripurari rai
> Thomas Ryan
> tim bertels
> Cecil Su
> Aung KhAnt
> Norbert Szetei
> michael.boman
> Wagner Elias
> Kevin Horvat
> Juan Galiana Lara
> Kenan Gursoy
> Jason Flood
> Javier Marcos de Prado
> Sumit Siddharth
> Mike Hryekewicz
> psiinon
> Ray Schippers
> Raul Siles
> Jayanta Karmakar
> Brad Causey
> Vicente Aguilera
> Ismael Gonçalves
>
> Reviewers team:
>
> Paolo Perego
> Daniel Cuthbert
> Matthew Churcher
> Lode Vanstechelman
> Sebastien Gioria
>
>
> Introduction and Project purpose for v4:
> =========================================
> The OWASP Testing Guide v3 includes a "best practice" penetration testing
> framework which users can implement in their own organizations and a
> "low level" penetration testing guide that describes techniques for
> testing most common web application and web service security issues.
> Nowadays the Testing Guide has become the standard to perform a Web
> Application Penetration Testing and many Companies all around the world
> have adopted it.
> It is vital for the project to maintain an updated project that represents
> the state of the art for WebAppSec.
>
> Project Roadmap
> =============
>
> - (1) 1st phase: Brainstorming and create a new table of contents
>
> Objective: creating a new table of contents of the OTGv4 assigning a task
> for each contributor.
> I created a new OWASP Testing Guide v4 table of Contents here:
> https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
>
> - (2) 2nd phase:  Writing
>
> - 20th September 2012: Start writing the articles
> - 1st November 2012: 1st Draft
> - 30th November: end of writing phase
>
> - (3) 3rd phase: Reviewing
>
> - 1st December 2012: Starting the review phase,
> - 15th December 2012: Create the RC1,
> - 31st January 2013: Release the version 4.
>
> Timeline November 2012 1st Draft, January 2013 Final Release
>
> So, let's start discussion about phase (1)!
>
> Thanks!
> Mat
>
> --
> Matteo Meucci
> OWASP Testing Guide Lead
> OWASP-Italy President
>
>
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>