[Owasp-testing] Testing Guide v4: 2nd phase: Writing

Eduardo Castellanos guayin at gmail.com
Wed Jan 2 23:19:30 UTC 2013


@Andrew, I'm more inclined towards the data validation section, as the main
issue here would be that the file extension or the file's contents are not
properly validated/sanitized.

@Jim Manico, that's awesome, we only need to reformat it and find a place
for it in the guide.

Regards,


Eduardo Castellanos N.


On Wed, Jan 2, 2013 at 5:04 PM, Andrew Muller <andrew at ionize.com.au> wrote:

> Hi Eduardo,
>
>   I believe we should test for this (I know we currently do). I would
> suggest putting it into the business logic section given that it is largely
> a business decision as to what file types should be accepted for upload.
>
>
>
> regards,
>
>   Andrew
>
>  ------------------------------
>
> *From: *"Eduardo Castellanos" <guayin at gmail.com>
> *To: *owasp-testing at lists.owasp.org
> *Sent: *Thursday, 3 January, 2013 9:46:41 AM
>
> *Subject: *Re: [Owasp-testing] Testing Guide v4: 2nd phase: Writing
>
> Hello,
>
> I was wondering in what part of the guide we check for
> unrestricted/unvalidated file uploads. Should it be a new issue to test for?
>
> Regards,
>
> Eduardo Castellanos N.
>
>
> On Fri, Nov 9, 2012 at 3:08 AM, Andrew Muller <andrew at ionize.com.au> wrote:
>
>> Understood. I'll get writing
>>
>> ----- Original Message -----
>> From: Matteo Meucci <matteo.meucci at owasp.org>
>> To: Andrew Muller <andrew at ionize.com.au>
>> Cc: owasp-testing at lists.owasp.org
>> Sent: Fri, 09 Nov 2012 19:54:24 +1100 (EST)
>> Subject: Re: [Owasp-testing] Testing Guide v4: 2nd phase: Writing
>>
>> Hi Andrew,
>> We started writing to have a first draft of the guide soon.
>> Then we can review the ToC and understand what we can improve.
>> Make sense?
>>
>> Thanks,
>> Mat
>>
>> On 11/09/2012 05:50 AM, Andrew Muller wrote:
>> > Hi Matteo,
>> >
>> > It's been a bit quiet on the v4 Wiki. When did you want the ToC to be
>> > finalised and writing on each of the test cases to be completed?
>> >
>> >
>> >
>> > regards,
>> >
>> > Andrew.
>> >
>> > ------------------------------------------------------------------------
>> >
>> > *From: *"Matteo Meucci" <matteo.meucci at owasp.org>
>> > *To: *owasp-testing at lists.owasp.org
>> > *Sent: *Wednesday, 10 October, 2012 2:36:40 AM
>> > *Subject: *[Owasp-testing] Testing Guide v4: 2nd phase: Writing
>> >
>> > Hi all,
>> > I've reviewed the ToC and added a new paragraph for each new issue to write.
>> >
>> > https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents#4._Web_Application_Penetration_Testing
>> >
>> > For example a new article will be like that:
>> >
>> > https://www.owasp.org/index.php/Testing_for_HTTP_Parameter_pollution_%28OWASP-DV-004%29
>> >
>> > Regarding the set of articles to review I linked the v3 articles with
>> > the idea to modify that.
>> > For example:
>> >
>> > https://www.owasp.org/index.php/Testing_for_Reflected_Cross_site_scripting_%28OWASP-DV-001%29
>> >
>> > So from now on the wiki will be our draft for v4 and v3 will be available
>> > only via PDF.
>> >
>> > Many of you are not assigned to an article.
>> > Please, from now on tell me which section you would like to write. We have
>> > to assign all the articles in the next few days.
>> >
>> > Feedback: The ToC is 90% complete, please send me your feedback
>> > about the new ToC and my notes in the ToC.
>> >
>> > Now we can start writing!
>> > Please keep me updated (I monitor all the changes on the wiki). Use the
>> > ml for general discussion and my email for specific issues.
>> >
>> > Thanks,
>> > Mat
>> >
>> >
>> > --
>> > Matteo Meucci
>> > OWASP Testing Guide Lead
>> > OWASP Italy President
>> > _______________________________________________
>> > Owasp-testing mailing list
>> > Owasp-testing at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-testing
>> >
>>
>> --
>> Matteo Meucci
>> OWASP Testing Guide Lead
>> OWASP Italy President
>>
>> --
>> __________________________
>> Andrew Muller
>> Ionize Pty Ltd
>> Information Security Consultants
>>
>>
>> Level 1
>> 44-52 Townshend St
>> PHILLIP ACT 2606
>>
>> P: 02 6108 3695 | Mobile: 0400 481 179 | Fax: 02 6223 5244
>> E-mail: andrew at ionize.com.au
>>
>
>
>
>