[Owasp-testing] OWASP-EN-002

rick.mitchell at bell.ca rick.mitchell at bell.ca
Wed Dec 11 15:47:35 UTC 2013


Thanks Tomas.

To the group I understand we're trying to go gold or go live with v4 mid-Dec, however almost every time I look at content I find little bits of wrongness or things that haven't changed since v3. Which may not be the end of the world but I wanted to put it out there. I'm trying to find more time to review content and make contribs but I'm not going to make it for mid-Dec. Perhaps others have accomplished lots lately (I haven't been able to look around even) but I know I haven't been able to spend time on it. How solid is the 15th as our date?

For example in the section Tomas worked on I note:
"Some tools and scanners both free - e.g. SSLAudit [28] or SSLScan [29] and commercial - e.g. Tenable Nessus [27], and other used into examples..."

Which uses "and" multiple times being awkward. So is "...other used into examples...." which needs to be re-written.

Rick

From: owasp-testing-bounces at lists.owasp.org [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Tomas Zatko
Sent: December 11, 2013 9:35 AM
To: owasp-testing at lists.owasp.org
Subject: [Owasp-testing] OWASP-EN-002

Hello,

I just recently registered on the wiki and subscribed to testing guide. Me and my colleagues would like to help with OTG. My first contribution is to OWASP-EN-002. I added small part on testing ssl/tls enabled services behind http proxy and also did few minor changes. Diff is here: https://www.owasp.org/index.php?title=Testing_for_Weak_SSL%2FTSL_Ciphers%2C_Insufficient_Transport_Layer_Protection_%28OWASP-EN-002%29&diff=164528&oldid=164203

--
Tomas Zatko, CISSP, CEH
www.citadelo.com<http://www.citadelo.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-testing/attachments/20131211/adf2d59f/attachment.html>


More information about the Owasp-testing mailing list