[Owasp-testing] V4 Update ideas

David Fern dfern at verizon.net
Thu Sep 27 10:28:50 UTC 2012

Great Point!
I think taht this means that we need to specifically at the beginning of the document "Who the intended audience is" 
I think the guide should be the "one stop shop" for the "newbie"
Not rewriting the other documents but tieing them together in one place so an experience person can use it as a quick reference and the newbie can use it to leran.  
David :)

 From: Agazzini Maurizio <inode at mediaservice.net>
To: owasp-testing at lists.owasp.org 
Sent: Thursday, September 27, 2012 5:03 AM
Subject: Re: [Owasp-testing] V4 Update ideas
On 27/09/2012 01:42, Christian Heinrich wrote:
> The above is already covered in other documents (outside of OWASP) and
> we would ultimately just be duplicating their information without
> providing any additional value.
> Since @mediaservice contribute to the OSSTMM i.e.
> http://www.isecom.org/team.html then maybe you could include the
> relevant links to/from the OWASP Testing Guide v4?

Hi Christian,

Before starting write to the ML for the new ideas/contributions we
discuss (some colleagues) how OWASP Testing Guide can be a better guide,
we tried to ask ourself what are the point that a newbie "web app
pentester" need to learn to do the job.

It's true a lot of our proposal can be found on others documents, we are
not creating nothing new, but all OWASP TG chapter/info can be found in
others places. As wrote on the project overview, the goal of the project
it's create a "best practices web application penetration testing
framework", so why exclude some things useful for the testers?

A skilled pentester (maybe one that do also others kind of PT) doesn't
need all these info for do the job, he don't need a chapter about
finding the web server technology or a chapter about how to identify if
a WAF is on the target. So what's the correct audience of OWASP TG? For
who is OWASP TG?

Add just some links to the testing guide it's a way, but I'm not sure
that is the best way for OWASP to grow.

I hope that also others people will reply to this topic to know also
others thought.



Maurizio Agazzini                     CISSP, OPST
Senior Security Advisor               Gsm: +39-346-52.09.207
@ Mediaservice.net Srl                Tel: +39-011-32.72.100
Via Santorelli, 15                    Fax: +39-011-32.46.497
10095 Grugliasco (TO) ITALY           http://mediaservice.net/disclaimer

"C programmers never die. They are just cast into void"
Owasp-testing mailing list
Owasp-testing at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-testing/attachments/20120927/b772bd5d/attachment.html>

More information about the Owasp-testing mailing list