[Owasp-testing] Testing Guide V4: Stop writing, start the review

Christian Heinrich christian.heinrich at cmlh.id.au
Wed Apr 2 01:21:58 UTC 2014


Rick,

https://www.owasp.org/index.php?title=Testing:_Conduct_search_engine_discovery/reconnaissance_for_information_leakage_(OTG-INFO-001)&oldid=37153
was my last contribution (August 2008) to this wiki page.

I would encourage OWASP to delete OTG-INFO-001 from v4 as it deviates
significantly from what I presented too i.e.
http://www.youtube.com/watch?v=BgXSlEenNeA

On Wed, Apr 2, 2014 at 12:12 PM, Mitchell, Rick (6030318)
<rick.mitchell at bell.ca> wrote:
> We're on different pages. Perhaps the index to the guide is not still in the order/format you're thinking of... I dunno, but you're making associations that I never made or suggested.
>
> Starting at https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents go to section 4.2.1: "4.2.1 Conduct Search Engine Discovery and Reconnaissance for Information Leakage (OTG-INFO-001) formerly "Search Engine Discovery/Reconnaissance (OWASP-IG-002)""
>
> https://www.owasp.org/index.php/Testing:_Search_engine_discovery/reconnaissance_%28OWASP-IG-002%29
>
> In which the lead-in talks about direct and indirect methods, yet the content of said page/article only covers direct methods. For my 2 cents, if indirect methods are not going to be covered within 4.2.1 then they should be mentioned in the lead-in to that section. (Perhaps they're covered elsewhere, perhaps they're not, but introducing something and then not covering it in the same section seems broken.)

