[Owasp-testing] OWASP Testing Guide v4 call for contributions

Andrew Muller andrew.muller at owasp.org
Sun Aug 4 13:46:49 UTC 2013

Hi again fellow OWASP testers,
  We've had a steady flow of offers for help getting version 4 of the
Testing Guide written and reviewed. So we're starting the August sprint *NOW*!
If you've already been assigned articles, use August to author, review
and update your articles in the wiki (
If you've been assigned an article with another author, then *please
collaborate with them*. Names and emails are included in the Paragraph
Management spreadsheet for this very purpose.

During August we'll continually review where we're at, and if you're
struggling to commit the time to complete your tasks or you're fighting
ideological battles with your co-authors, then please let us know early.
Please try to give us some idea of your progress throughout the month.

We've still got a few articles that need to be adopted by an author, but we
can't wait around and will pick them up either mid-sprint or next sprint.
Let us (Sam, Matt or myself) know if you're interested in taking on any of
these articles:

Oracle Testing
SQL Server Testing
Testing PostgreSQL (from OWASP BSP)
MS Access Testing
4.8.15 Testing for Buffer overflow (OTG-INPVAL-015) formerly "Testing for
Buffer overflow (OWASP-DV-014)"
Testing for Heap overflow
Testing for Stack overflow
Testing for Format string
4.8.16 Testing for incubated vulnerabilities (OTG-INPVAL-016) formerly
"Testing for incubated vulnerabilities (OWASP-DV-015)"
4.8.17 Testing for HTTP Splitting/Smuggling (OTG-INPVAL-017) formerly
"Testing for HTTP Splitting/Smuggling (OWASP-DV-016)"
4.9.1 Analysis of Error Codes (OTG-ERR-001) formerly "Analysis of Error
Codes (OWASP-IG-006)"
4.10.3 Testing for Padding Oracle (OTG-CRYPST-003) formerly "Testing for
Padding Oracle (OWASP-EN-003)"
4.11.1 Test time synchronisation (OTG-LOG-001) formerly "Incorrect time"
4.11.2 Test user-viewable log of authentication events (OTG-LOG-002)
4.13.1 Test Regular expression DoS (OTG-DOS-001) [New!] note: to understand
4.15.3 Testing for Cross Site Flashing (OTG-CLIENT-003) formerly "Testing
for Cross Site Flashing (OWASP-CS-003)"

Some of these articles already have content that just needs to be reviewed
and updated, while others are completely new and need to be authored. Let
us know if you can take on any of these.

Have a great and productive August and we're looking forward to a
successful sprint at the end of the month.

all the best,

Canberra, Australia Chapter Leader
Testing Guide Co-leader

On Tue, Jul 30, 2013 at 11:26 PM, Andrew Muller <andrew.muller at owasp.org> wrote:

> Hi OWASP testers,
>   The Testing Guide is one of the most visible OWASP products and used by
> testers all over the world. So Matteo and I are seeking contributors for
> the update to the Guide. We've cataloged all of the articles that require
> writing, how much effort is required and started a list of contributors to
> each of these articles (
> https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AmEhPtZ0cHq3dDc5ZFI0Nm9oSkhzNkNxTzNJbGdPdVE#gid=0
> ).
> Many of the main tasks required for release are now complete, so now we're
> focused on a sprint to release. For this we need your help. We're asking
> OWASP testers to help us find and revive contributors with the time,
> expertise and [most importantly] commitment to complete the writing of
> Testing Guide articles. Currently we are seeking contributors for the
> Authorization chapter, many Data Validation articles and Cryptography
> chapter, but need many more to help write and review other articles. We'll
> be conducting a set of sprints to get the revision wrapped up and released
> by the *end of 2013*. *The first sprint will be over the month of August*.
> One of the key tasks we're seeking to achieve is alignment between the
> Testing Guide and other OWASP products, chiefly the Dev Guide. Finding
> vulnerabilities is only the halfway point to fixing them. Again, we've
> cataloged the Test Guide test cases and aligned them with their equivalents
> in the Dev and Code Review Guides. The list is incomplete, but we're making
> progress (
> https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0ArkIkLbjWyP6dGhsNkdGLXhKanZqcklmWG41blZ3WWc#gid=0).
> So if you've worked on the Dev or Code Review Guide, we could also use your
> help.
> Sam Groves will be helping us wrangle the contributors (including Mat and
> myself) so if you hear from her, please don't ignore her. Even two words in
> an email will let everyone know how you're progressing.
> So strap in and get ready for Version 4 of the Testing Guide!
> regards,
> Andrew Muller
> Testing Guide Project co-leader
> Canberra, Australia chapter leader