[Owasp-testing] Testing Guide V4: Stop writing, start the review

Christian Heinrich christian.heinrich at cmlh.id.au
Wed Apr 2 01:21:58 UTC 2014


was my last contribution (August 2008) to this wiki page.

I would encourage OWASP to delete OTG-INFO-001 from v4 as it deviates
significantly from what I presented too i.e.

On Wed, Apr 2, 2014 at 12:12 PM, Mitchell, Rick (6030318)
<rick.mitchell at bell.ca> wrote:
> We're on different pages. Perhaps the index to the guide is not still in the order/format you're thinking of..... I dunno but you're making associations that I never made or suggested.
> Starting at https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents goto section 4.2.1: "4.2.1 Conduct Search Engine Discovery and Reconnaissance for Information Leakage (OTG-INFO-001) formerly "Search Engine Discovery/Reconnaissance (OWASP-IG-002)""
> https://www.owasp.org/index.php/Testing:_Search_engine_discovery/reconnaissance_%28OWASP-IG-002%29
> In which the lead-in talks about direct and indirect methods, yet the content of said page/article only covers direct methods. For my 2cents if indirect methods are not going to be covered within 4.2.1 then they should be mentioned in the lead-in to that section. (Perhaps they're covered elsewhere, perhaps they're not, but introducing something and then not covering it in the same section seems broken.)

More information about the Owasp-testing mailing list