[Owasp-testing] Testing Guide V4 - Start up

Ismael Rocha ismaelrocha.projetos at gmail.com
Tue Sep 25 21:46:21 UTC 2012


Hello All!

We had a lot of suggestions for the ToC and I´m wondering if the ToC is
already defined and when we are going to start writing.

Regards.

Ismael Gonçalves

On Tue, Sep 25, 2012 at 10:57 AM, rick.mitchell at bell.ca <
rick.mitchell at bell.ca> wrote:

> Has anyone put any thought into test cases for HTML5 localstorage [1,2] or
> web sockets [3,4,5]? I also recall reading some articles last year that
> suggested there were weaknesses in the Cross-origin resource sharing (CORS)
> implementation (draft spec).****
>
> ** **
>
> I sadly haven’t had lots of time to look into these but I can foresee
> various security issues related to such technology.****
>
> ** **
>
> [1] http://www.w3schools.com/html/html5_webstorage.asp****
>
> [2] http://diveintohtml5.info/storage.html****
>
> ** **
>
> [3] http://dev.w3.org/html5/websockets/ ****
>
> [4] http://en.wikipedia.org/wiki/WebSocket****
>
> [5]
> http://net.tutsplus.com/tutorials/javascript-ajax/start-using-html5-websockets-today/
> ****
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> *From:* owasp-testing-bounces at lists.owasp.org [mailto:
> owasp-testing-bounces at lists.owasp.org] *On Behalf Of *Juan Galiana
> *Sent:* September 13, 2012 4:47 AM
> *To:* owasp-testing at lists.owasp.org
>
> *Subject:* Re: [Owasp-testing] Testing Guide V4 - Start up****
>
> ** **
>
> I've moved "Directory traversal/file include" from Authentication to
> Authorization as this sections is more appropriate.
>
> And I've added HTML5 as a subsection of Client Side Testing to cover
> specific vulnerabilities of HTML5 like XMLHttpRequest Level 2 cross-domain
> security issues.
>
> I wrote my name under some sections too.
>
>
> ****
>
>
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>
>


-- 
Ismael Gonçalves
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-testing/attachments/20120925/6708e7e3/attachment.html>


More information about the Owasp-testing mailing list