[Owasp-testing] Review Time & HTML5 Specific Topics?

rick.mitchell at bell.ca rick.mitchell at bell.ca
Mon Mar 4 13:48:28 UTC 2013

Hi Testing Guide list, looks like I'll have some time this week to review any new or modified content. If anyone wants to put their hand up to have their stuff looked at then please let me know. Otherwise I'll kind of be poking around blindly. (I'll mark any of my edits as reviewer or reviewed and any questions or thoughts will appear in the relevant wiki Discussion pages.)

I assume we're sticking with the details we agreed upon for v3? (https://lists.owasp.org/pipermail/owasp-testing/2008-June/001573.html)

Also for v4 have we considered any HTML5 specific topics like Web Sockets or local storage? I see that the index currently contains "4.11.2 Testing for HTML5 (OWASP CS-002) [Juan Galiana]" however that seems awfully vague and broad. It also suggests that you're trying to identify use of HTML5 not actual vulnerabilities or attack surface it may present (i.e.: I don't think we're really testing "for" HTML5, I think we're testing for weaknesses in or related to HTML5 specific technologies/capabilities. Aren't we?)


Rick Mitchell 
Security Analyst, Security Testing and Incident Response Team
Bell Business Markets
Phone: 613-785-4019
Email: rick.mitchell at bell.ca

More information about the Owasp-testing mailing list