[Owasp-testing] Testing Guide V4: Stop writing, start the review

Mitchell, Rick (6030318) rick.mitchell at bell.ca
Wed Apr 2 01:12:45 UTC 2014

We're on different pages. Perhaps the index to the guide is not still in the order/format you're thinking of..... I dunno but you're making associations that I never made or suggested.

Starting at https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents goto section 4.2.1: "4.2.1 Conduct Search Engine Discovery and Reconnaissance for Information Leakage (OTG-INFO-001) formerly "Search Engine Discovery/Reconnaissance (OWASP-IG-002)""


In which the lead-in talks about direct and indirect methods, yet the content of said page/article only covers direct methods. For my 2cents if indirect methods are not going to be covered within 4.2.1 then they should be mentioned in the lead-in to that section. (Perhaps they're covered elsewhere, perhaps they're not, but introducing something and then not covering it in the same section seems broken.)


-----Original Message-----
From: Christian Heinrich [mailto:christian.heinrich at cmlh.id.au] 
Sent: Tuesday, April 01, 2014 8:22 PM
To: Mitchell, Rick (6030318)
Cc: owasp-testing at lists.owasp.org
Subject: Re: [Owasp-testing] Testing Guide V4: Stop writing, start the review


On Wed, Apr 2, 2014 at 10:24 AM, Mitchell, Rick (6030318) <rick.mitchell at bell.ca> wrote:
> Hi Christian, I think I was unclear. When I suggested something should be removed it was simply the references to "Indirect methods" which are mentioned in the lead-in but not actually covered at all in the article. I wasn't suggesting that INFO-001 should be dropped entirely.

I am not sure how you concluded that OWASP-IG-009 isn't covered in
OWASP-INFO-003 unless you mean that OWASP-IG-009 could be expanded?

I still support the removal of OWASP-INFO-001 from v4.

On Wed, Apr 2, 2014 at 10:24 AM, Mitchell, Rick (6030318) <rick.mitchell at bell.ca> wrote:
> As for the reference links my confusion is that there seem to be two 
> [1]s which lead to different locations. (There might be two [2]s or 
> [3]s too, I don't recall right this second and don't have time to 
> check.)

Mediawiki appears to add [x] as the URL of the hyperlink and their numbering duplicates the footnotes added by the author.

Mediawiki has created eight of these while their are four in the "References" section that I created.

I believe the resolution would be to use [a], [b], [c], etc instead and have Mediawiki continue the configuration that generates [1], [2], [3], etc?

Christian Heinrich


More information about the Owasp-testing mailing list