[Owasp-testing] Testing Guide V4: Stop writing, start the review

Samantha Groves samantha.groves at owasp.org
Fri Apr 18 15:59:10 UTC 2014


End of August is when the project should end, but I believe we will finish
earlier as Joan and Hugo are on the last bits of the work. Thank you for
the feedback on the covers, Matteo. :-)


On Fri, Apr 18, 2014 at 6:12 AM, Matteo Meucci <matteo.meucci at owasp.org> wrote:

> We are under final review.
>
> Samantha, do we have a final date for the release?
>
> Thanks,
> Mat
>
>
>
> On 04/18/2014 03:10 PM, Lovelace, Sunni wrote:
> > Is there a release date for Testing Guide V4?
> >
> >
> >
> > -----Original Message-----
> > From: owasp-testing-bounces at lists.owasp.org [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Jim Manico
> > Sent: Tuesday, April 01, 2014 5:13 PM
> > To: Matteo Meucci; owasp-testing at lists.owasp.org
> > Subject: Re: [Owasp-testing] Testing Guide V4: Stop writing, start the review
> >
> > Wow, very exciting. :) I'm thrilled to see this close to getting released!
> >
> > Aloha,
> > Jim
> >
> > On 4/1/14, 10:47 AM, Matteo Meucci wrote:
> >> Hi all,
> >> the reviewing phase is finished.
> >> Some reviewers did the review, but it is not complete.
> >>
> >> Please if you have reviews to add to the wiki do it now.
> >>
> >> In the next days we will start the last phase of the project.
> >>
> >> Thanks!
> >> Mat
> >>
> >> On 04/01/2014 04:03 PM, Mitchell, Rick (6030318) wrote:
> >>> I had some time to tackle more review this morning. I only made it through the first few sections, here are some notes:
> >>>
> >>> Testing: Conduct search engine discovery/reconnaissance for information leakage (OTG-INFO-001)
> >>> * Lead-in paragraph indicates: "Indirect methods relate to gleaning sensitive design and configuration information by searching forums, newsgroups and tendering websites." Yet no such information is covered in the entry. IMHO either this article needs to be beefed up or the statement should be removed.
> >>> * Made minor corrections related to punctuation (addition of Oxford commas and some missing periods, as well as borders on images).
> >>>
> >>> Fingerprint Web Server (OTG-INFO-002)
> >>> * Minor updates, grammar and content.
> >>> * Makes me wonder if we have a style guide? Are we supposed to be using Title Caps for section naming?
> >>>
> >>> Testing: Review Webserver Metafiles for Information Leakage (OTG-INFO-003)
> >>> * Reference links in this article are confusing. For example: [1] in the "Summary" section is not the same as [1] in the "How to Test" section...
> >>> * Minor updates, grammar and content.
> >>>
> >>> Rick
> >>>
> >>>
> >>> -----Original Message-----
> >>> From: owasp-testing-bounces at lists.owasp.org
> >>> [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Matteo
> >>> Meucci
> >>> Sent: Saturday, March 08, 2014 6:25 PM
> >>> To: owasp-testing at lists.owasp.org
> >>> Cc: Andrew Muller; Davide Danelon
> >>> Subject: [Owasp-testing] Testing Guide V4: Stop writing, start the
> >>> review
> >>>
> >>> Dear OWASP Testing Guide followers.
> >>> thanks to David who did the last rush, we have closed the Testing
> >>> Guide Project's first phase!
> >>> Many thanks to all the contributors!
> >>>
> >>> All the articles are closed now.
> >>> Now it is time for the reviewers.
> >>>
> >>> You can see the status here:
> >>> https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AmEhPtZ0cHq3dDc5ZFI0Nm9oSkhzNkNxTzNJbGdPdVE#gid=0
> >>>
> >>> Now the ToC is definitive:
> >>> https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
> >>>
> >>> We deleted many items and 3 chapters:
> >>> - Web Services Testing (not completed at all, it's better to have a
> >>> separate guide on this)
> >>> - Logging (not in scope of the wapt)
> >>> - Denial of Service (not in scope of the wapt)
> >>>
> >>> Now we have split the set of active tests in 12 sub-categories for a
> >>> total of 91 controls:
> >>> Information Gathering
> >>> Configuration and Deploy Management Testing
> >>> Identity Management Testing
> >>> Authentication Testing
> >>> Authorization Testing
> >>> Session Management Testing
> >>> Data Validation Testing
> >>> Error Handling
> >>> Cryptography
> >>> Logging
> >>> Business Logic Testing
> >>> Client Side Testing
> >>>
> >>> NEXT STEP:
> >>> We'll contact all the proposed reviewers asking them to review the
> >>> Guide in the next 2 weeks:
> >>>> Paolo Perego
> >>>> Daniel Cuthbert
> >>>> Matthew Churcher
> >>>> Lode Vanstechelman
> >>>> Sebastien Gioria
> >>>> Antonio Fontes
> >>> Any others that want to help? Please answer only if you can review
> >>> the guide in the next days.
> >>>
> >>> Deadline: end of March 2014
> >>>
> >>> Thanks!
> >>> Mat & Andrew
> >>>
> >>> --
> >>> Matteo Meucci
> >>> OWASP Testing Guide co-Lead
> >>> OWASP Italy President
> >>>
> >>>
> >>> _______________________________________________
> >>> Owasp-testing mailing list
> >>> Owasp-testing at lists.owasp.org
> >>> https://lists.owasp.org/mailman/listinfo/owasp-testing
> >>>
> >
> >
>
> --
> Matteo Meucci
> OWASP Testing Guide Lead
> OWASP Italy President
>



-- 

*Samantha Groves, MBA*

*OWASP Projects Manager*


The OWASP Foundation

Phoenix, USA

Email: samantha.groves at owasp.org

Skype: samanthahz


OWASP Global Projects<https://www.owasp.org/index.php/Category:OWASP_Project>

Book a Meeting with Me <http://goo.gl/mZXdZ>

OWASP Contact US Form <http://owasp4.owasp.org/contactus.html>

New Project Application Form <http://www.tfaforms.com/263506>