[Owasp-testing] Testing Guide v4: 2nd phase: Writing

Jim Manico jim.manico at owasp.org
Wed Jan 2 22:56:35 UTC 2013


Some reasonable content on this here:

 https://www.owasp.org/index.php/Unrestricted_File_Upload

- Jim

> Hello,
> 
> I was wondering in what part of the guide do we check for
> unrestricted/unvalidated file uploads? Should it be a new issue to test for?
> 
> Regards,
> 
> Eduardo Castellanos N.
> 
> 
> On Fri, Nov 9, 2012 at 3:08 AM, Andrew Muller <andrew at ionize.com.au> wrote:
> 
>> Understood. I'll get writing
>>
>> ----- Original Message -----
>> From: Matteo Meucci <matteo.meucci at owasp.org>
>> To: Andrew Muller <andrew at ionize.com.au>
>> Cc: owasp-testing at lists.owasp.org
>> Sent: Fri, 09 Nov 2012 19:54:24 +1100 (EST)
>> Subject: Re: [Owasp-testing] Testing Guide v4: 2nd phase: Writing
>>
>> Hi Andrew,
>> We started writing to have a first draft of the guide soon.
>> Then we can review the ToC and understand what we can improve.
>> Make sense?
>>
>> Thanks,
>> Mat
>>
>> On 11/09/2012 05:50 AM, Andrew Muller wrote:
>>> Hi Matteo,
>>>
>>> It's been a bit quiet on the v4 Wiki. When did you want the ToC to be
>>> finalised and writing on each of the test cases to completed?
>>>
>>>
>>>
>>> regards,
>>>
>>> Andrew.
>>>
>>> ------------------------------------------------------------------------
>>>
>>> *From: *"Matteo Meucci" <matteo.meucci at owasp.org>
>>> *To: *owasp-testing at lists.owasp.org
>>> *Sent: *Wednesday, 10 October, 2012 2:36:40 AM
>>> *Subject: *[Owasp-testing] Testing Guide v4: 2nd phase: Writing
>>>
>>> Hi all,
>>> I've reviewed the ToC and add a new paragraph for each new issue to
>> write.
>>>
>> https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents#4._Web_Application_Penetration_Testing
>>>
>>> For example a new article will be like that:
>>>
>> https://www.owasp.org/index.php/Testing_for_HTTP_Parameter_pollution_%28OWASP-DV-004%29
>>>
>>> Regarding the set of articles to review I linked the v3 articles with
>>> the idea to modify that.
>>> For example:
>>>
>> https://www.owasp.org/index.php/Testing_for_Reflected_Cross_site_scripting_%28OWASP-DV-001%29
>>>
>>> So from now the wiki will be our draft for v4 and v3 will be available
>>> only via PDF.
>>>
>>> Many of you are not assigned to an article.
>>> Please, from now tell me what section would you like to write. We have
>>> to assign all the articles in the next few days.
>>>
>>> Feedback: The Toc is completed at 90%, please send me your feedback
>>> about the new ToC and my notes in the Toc.
>>>
>>> Now we can start writing!
>>> Please keep me update (I monitor all the changes on the wiki). Use the
>>> ml for general discussion and my email for specific issues.
>>>
>>> Thanks,
>>> Mat
>>>
>>>
>>> --
>>> Matteo Meucci
>>> OWASP Testing Guide Lead
>>> OWASP Italy President
>>> _______________________________________________
>>> Owasp-testing mailing list
>>> Owasp-testing at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>>
>>
>> --
>> --
>> Matteo Meucci
>> OWASP Testing Guide Lead
>> OWASP Italy President
>>
>> --
>> __________________________
>> Andrew Muller
>> Ionize Pty Ltd
>> Information Security Consultants
>>
>>
>> Level 1
>> 44-52 Townshend St
>> PHILLIP ACT 2606
>>
>> P: 02 6108 3695 | Mobile: 0400 481 179 | Fax: 02 6223 5244
>> E-mail: andrew at ionize.com.au
>> _______________________________________________
>> Owasp-testing mailing list
>> Owasp-testing at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>
> 
> 
> 
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
> 



More information about the Owasp-testing mailing list