[Owasp-testing] Testing Guide V4: Stop writing, start the review

Matteo Meucci matteo.meucci at owasp.org
Sat Mar 8 23:24:36 UTC 2014


Dear OWASP Testing Guide followers.
thanks to David who did the last rush, we have closed the Testing Guide
Project's first phase!
Many thanks to all the contributors!

All the articles are closed now.
Now it is time for the reviewers.

You can see the status here:
https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AmEhPtZ0cHq3dDc5ZFI0Nm9oSkhzNkNxTzNJbGdPdVE#gid=0

Now the ToC is definitive:
https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents

We deleted many items and 3 chapters:
- Web Services Testing (no completed at all, it's better to have a
separate guide on this)
- Logging (not in scope of the wapt)
- Denial of Service (not in scope of the wapt)

Now we have split the set of active tests in 12 sub-categories for a
total of 91 controls:
Information Gathering
Configuration and Deploy Management Testing
Identity Management Testing
Authentication Testing
Authorization Testing
Session Management Testing
Data Validation Testing
Error Handling
Cryptography
Logging
Business Logic Testing
Client Side Testing

NEXT STEP:
We'll contact all the proposed reviewers asking them to review the
Guide in the next 2 weeks:
> Paolo Perego
> Daniel Cuthbert
> Matthew Churcher
> Lode Vanstechelman
> Sebastien Gioria
> Antonio Fontes

Any others that want to help? Please answer only if you can review the
guide in the next days.

Deadline: end of March 2014

Thanks!
Mat & Andrew

--
Matteo Meucci
OWASP Testing Guide co-Lead
OWASP Italy President




More information about the Owasp-testing mailing list