[Owasp-testing] Testing Guide V4: Stop writing, start the review

Lovelace, Sunni SLovelace at geico.com
Fri Apr 18 13:10:23 UTC 2014


Is there a release date for Testing Guide V4?

 

-----Original Message-----
From: owasp-testing-bounces at lists.owasp.org [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Jim Manico
Sent: Tuesday, April 01, 2014 5:13 PM
To: Matteo Meucci; owasp-testing at lists.owasp.org
Subject: Re: [Owasp-testing] Testing Guide V4: Stop writing, start the review

Wow, very exciting. :) I'm thrilled to see this close to getting released!

Aloha,
Jim

On 4/1/14, 10:47 AM, Matteo Meucci wrote:
> Hi all,
> the reviewing phase is finished.
> Some reviewers did the review, but it is not complete.
>
> Please, if you have reviews to add to the wiki, do it now.
>
> In the next days we will start the last phase of the project.
>
> Thanks!
> Mat
>
> On 04/01/2014 04:03 PM, Mitchell, Rick (6030318) wrote:
>> I had some time to tackle more review this morning. I only made it through the first few sections, here are some notes:
>>
>> Testing: Conduct search engine discovery/reconnaissance for information leakage (OTG-INFO-001)
>> * Lead-in paragraph indicates: "Indirect methods relate to gleaning sensitive design and configuration information by searching forums, newsgroups and tendering websites." Yet no such information is covered in the entry. IMHO either this article needs to be beefed up or the statement should be removed.
>> * Made minor corrections related to punctuation (addition of Oxford commas and some missing periods, as well as borders on images).
>>
>> Fingerprint Web Server (OTG-INFO-002)
>> * Minor updates, grammar and content.
>> * Makes me wonder if we have a style guide? Are we supposed to be using Title Caps for section naming?
>>
>> Testing: Review Webserver Metafiles for Information Leakage (OTG-INFO-003)
>> * Reference links in this article are confusing. For example: [1] in the "Summary" section is not the same as [1] in the "How to Test" section...
>> * Minor updates, grammar and content.
>>
>> Rick
>>
>>
>> -----Original Message-----
>> From: owasp-testing-bounces at lists.owasp.org 
>> [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Matteo 
>> Meucci
>> Sent: Saturday, March 08, 2014 6:25 PM
>> To: owasp-testing at lists.owasp.org
>> Cc: Andrew Muller; Davide Danelon
>> Subject: [Owasp-testing] Testing Guide V4: Stop writing, start the 
>> review
>>
>> Dear OWASP Testing Guide followers,
>> thanks to David who did the last rush, we have closed the Testing 
>> Guide Project's first phase!
>> Many thanks to all the contributors!
>>
>> All the articles are closed now.
>> Now it is time for the reviewers.
>>
>> You can see the status here:
>> https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AmEhPtZ0cHq3dDc5ZFI0Nm9oSkhzNkNxTzNJbGdPdVE#gid=0
>>
>> Now the ToC is definitive:
>> https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
>>
>> We deleted many items and 3 chapters:
>> - Web Services Testing (not completed at all, it's better to have a 
>> separate guide on this)
>> - Logging (not in scope of the wapt)
>> - Denial of Service (not in scope of the wapt)
>>
>> Now we have split the set of active tests into 12 sub-categories for a 
>> total of 91 controls:
>> Information Gathering
>> Configuration and Deploy Management Testing
>> Identity Management Testing
>> Authentication Testing
>> Authorization Testing
>> Session Management Testing
>> Data Validation Testing
>> Error Handling
>> Cryptography
>> Logging
>> Business Logic Testing
>> Client Side Testing
>>
>> NEXT STEP:
>> We'll contact all the proposed reviewers asking them to review the 
>> Guide in the next 2 weeks:
>>> Paolo Perego
>>> Daniel Cuthbert
>>> Matthew Churcher
>>> Lode Vanstechelman
>>> Sebastien Gioria
>>> Antonio Fontes
>> Any others that want to help? Please answer only if you can review 
>> the guide in the next days.
>>
>> Deadline: end of March 2014
>>
>> Thanks!
>> Mat & Andrew
>>
>> --
>> Matteo Meucci
>> OWASP Testing Guide co-Lead
>> OWASP Italy President
>>
>>
>> _______________________________________________
>> Owasp-testing mailing list
>> Owasp-testing at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-testing
