[Owasp-testing] Testing Guide V4: Stop writing, start the review

Irene Abezgauz irene at quotium.com
Sun Mar 9 07:59:07 UTC 2014


Hi,

I cannot update the Excel, but I've sent in the following section (replaced Babu):
https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_%28OWASP-AZ-004%29 (Testing for Insecure Direct Object References (OTG-AUTHZ-005), formerly "Testing for Insecure Direct Object References (OWASP-AZ-004)")

Quite sure I did other sections (at least one) as well, but it doesn't seem I uploaded them to the wiki.

In addition, I am available to assist in reviewing.

Irene 


-----Original Message-----
From: owasp-testing-bounces at lists.owasp.org [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Matteo Meucci
Sent: Sunday, March 9, 2014 1:25 AM
To: owasp-testing at lists.owasp.org
Cc: Andrew Muller; Davide Danelon
Subject: [Owasp-testing] Testing Guide V4: Stop writing, start the review

Dear OWASP Testing Guide followers.
Thanks to David, who did the last rush, we have closed the Testing Guide Project's first phase!
Many thanks to all the contributors!

All the articles are closed now.
Now it is time for the reviewers.

You can see the status here:
https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AmEhPtZ0cHq3dDc5ZFI0Nm9oSkhzNkNxTzNJbGdPdVE#gid=0

Now the ToC is definitive:
https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents

We deleted many items and 3 chapters:
- Web Services Testing (not completed at all, it's better to have a separate guide on this)
- Logging (not in scope of the wapt)
- Denial of Service (not in scope of the wapt)

Now we have split the set of active tests in 12 sub-categories for a total of 91 controls:
Information Gathering
Configuration and Deploy Management Testing
Identity Management Testing
Authentication Testing
Authorization Testing
Session Management Testing
Data Validation Testing
Error Handling
Cryptography
Logging
Business Logic Testing
Client Side Testing

NEXT STEP:
We'll contact all the proposed reviewers asking them to review the Guide in the next 2 weeks:
> Paolo Perego
> Daniel Cuthbert
> Matthew Churcher
> Lode Vanstechelman
> Sebastien Gioria
> Antonio Fontes

Any others that want to help? Please answer only if you can review the guide in the next days.

Deadline: end of March 2014

Thanks!
Mat & Andrew

--
Matteo Meucci
OWASP Testing Guide co-Lead
OWASP Italy President


_______________________________________________
Owasp-testing mailing list
Owasp-testing at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-testing