[Owasp-testing] Testing Guide v4: 2nd phase: Writing

Andrew Muller andrew at ionize.com.au
Wed Jan 2 23:04:22 UTC 2013


Hi Eduardo, 
  I believe we should test for this (I know we currently do). I would suggest putting it into the business logic section given that it is largely a business decision as to what file types should be accepted for upload. 

regards, 
  Andrew 


----- Original Message -----

From: "Eduardo Castellanos" <guayin at gmail.com> 
To: owasp-testing at lists.owasp.org 
Sent: Thursday, 3 January, 2013 9:46:41 AM 
Subject: Re: [Owasp-testing] Testing Guide v4: 2nd phase: Writing 


Hello,  


I was wondering in what part of the guide do we check for unrestricted/unvalidated file uploads? Should it be a new issue to test for? 


Regards, 


Eduardo Castellanos N. 


On Fri, Nov 9, 2012 at 3:08 AM, Andrew Muller < andrew at ionize.com.au > wrote: 


Understood. I'll get writing 



----- Original Message ----- 
From: Matteo Meucci <matteo.meucci at owasp.org> 
To: Andrew Muller <andrew at ionize.com.au> 
Cc: owasp-testing at lists.owasp.org 
Sent: Fri, 09 Nov 2012 19:54:24 +1100 (EST) 
Subject: Re: [Owasp-testing] Testing Guide v4: 2nd phase: Writing 

Hi Andrew, 
We started writing to have a first draft of the guide soon. 
Then we can review the ToC and understand what we can improve. 
Make sense? 

Thanks, 
Mat 

On 11/09/2012 05:50 AM, Andrew Muller wrote: 
> Hi Matteo, 
> 
> It's been a bit quiet on the v4 Wiki. When did you want the ToC to be 
> finalised and writing on each of the test cases to be completed? 
> 
> 
> 
> regards, 
> 
> Andrew. 
> 
> ------------------------------------------------------------------------ 
> 
> *From: *"Matteo Meucci" < matteo.meucci at owasp.org > 
> *To: * owasp-testing at lists.owasp.org 
> *Sent: *Wednesday, 10 October, 2012 2:36:40 AM 
> *Subject: *[Owasp-testing] Testing Guide v4: 2nd phase: Writing 
> 
> Hi all, 
> I've reviewed the ToC and added a new paragraph for each new issue to write. 
> https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents#4._Web_Application_Penetration_Testing 
> 
> For example a new article will be like that: 
> https://www.owasp.org/index.php/Testing_for_HTTP_Parameter_pollution_%28OWASP-DV-004%29 
> 
> Regarding the set of articles to review I linked the v3 articles with 
> the idea to modify that. 
> For example: 
> https://www.owasp.org/index.php/Testing_for_Reflected_Cross_site_scripting_%28OWASP-DV-001%29 
> 
> So from now the wiki will be our draft for v4 and v3 will be available 
> only via PDF. 
> 
> Many of you are not assigned to an article. 
> Please, from now tell me what section you would like to write. We have 
> to assign all the articles in the next few days. 
> 
> Feedback: The ToC is completed at 90%, please send me your feedback 
> about the new ToC and my notes in the ToC. 
> 
> Now we can start writing! 
> Please keep me updated (I monitor all the changes on the wiki). Use the 
> ml for general discussion and my email for specific issues. 
> 
> Thanks, 
> Mat 
> 
> 
> -- 
> Matteo Meucci 
> OWASP Testing Guide Lead 
> OWASP Italy President 
> _______________________________________________ 
> Owasp-testing mailing list 
> Owasp-testing at lists.owasp.org 
> https://lists.owasp.org/mailman/listinfo/owasp-testing 
> 

-- 
Matteo Meucci 
OWASP Testing Guide Lead 
OWASP Italy President 

-- 
__________________________ 
Andrew Muller 
Ionize Pty Ltd 
Information Security Consultants 


Level 1 
44-52 Townshend St 
PHILLIP ACT 2606 

P: 02 6108 3695 | Mobile: 0400 481 179 | Fax: 02 6223 5244 
E-mail: andrew at ionize.com.au 

