[Owasp-testing] Testing Guide V4 - Start up

Matteo Meucci matteo.meucci at owasp.org
Wed Sep 26 06:32:11 UTC 2012


Hi all, 
Yes we have also too many items and some items repeated 2 times. I'm reviewing it and updating it. Next days we can start writing. 
Thank you all,
Mat



Il giorno 25/set/2012, alle ore 23:46, Ismael Rocha <ismaelrocha.projetos at gmail.com> ha scritto:

> Hello All!
> 
> We had a lot of suggestions for the ToC and I´m wondering if the ToC is already defined and when we are going to start writing.
> 
> Regards.
> 
> Ismael Gonçalves
> 
> On Tue, Sep 25, 2012 at 10:57 AM, rick.mitchell at bell.ca <rick.mitchell at bell.ca> wrote:
> Has anyone put any thought into test cases for HTML5 localstorage [1,2] or web sockets [3,4,5]? I also recall reading some articles last year that suggested there were weaknesses in the Cross-origin resource sharing (CORS) implementation (draft spec).
> 
>  
> 
> I sadly haven’t had lots of time to look into these but I can foresee various security issues related to such technology.
> 
>  
> 
> [1] http://www.w3schools.com/html/html5_webstorage.asp
> 
> [2] http://diveintohtml5.info/storage.html
> 
>  
> 
> [3] http://dev.w3.org/html5/websockets/
> 
> [4] http://en.wikipedia.org/wiki/WebSocket
> 
> [5] http://net.tutsplus.com/tutorials/javascript-ajax/start-using-html5-websockets-today/
> 
>  
> 
>  
> 
>  
> 
>  
> 
> From: owasp-testing-bounces at lists.owasp.org [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Juan Galiana
> Sent: September 13, 2012 4:47 AM
> To: owasp-testing at lists.owasp.org
> 
> 
> Subject: Re: [Owasp-testing] Testing Guide V4 - Start up
>  
> 
> I've moved "Directory traversal/file include" from Authentication to Authorization as this sections is more appropriate. 
> 
> And I've added HTML5 as a subsection of Client Side Testing to cover specific vulnerabilities of HTML5 like XMLHttpRequest Level 2 cross-domain security issues.
> 
> I wrote my name under some sections too.
> 
> 
> 
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
> 
> 
> 
> 
> -- 
> Ismael Gonçalves
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-testing/attachments/20120926/71708dc3/attachment-0001.html>


More information about the Owasp-testing mailing list