[Owasp-testing] Testing Guide V4: Stop writing, start the review

Mitchell, Rick (6030318) rick.mitchell at bell.ca
Mon Mar 10 13:15:10 UTC 2014


Between  my edits early last March (wow can't believe it's been so long) and a review session this morning I think the section:
4.8.5 Testing for SQL Injection (OTG-INPVAL-006) formerly "Testing for SQL Injection (OWASP-DV-005)"

Is now in pretty good shape.

I'll try to get through reviewing some other content as the week progresses.

I'd also previously provided review and input on the first four sections of the Info Gathering chapter.

Rick

From: owasp-testing-bounces at lists.owasp.org [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Sohil Garg
Sent: March 9, 2014 2:25 PM
To: Matteo Meucci; Irene Abezgauz; owasp-testing at lists.owasp.org
Cc: Andrew Muller; Davide Danelon
Subject: Re: [Owasp-testing] Testing Guide V4: Stop writing, start the review

Dear Group,

I would like to review it and I can dedicate time to meet the timelines also.

Thanks and Regards,
Sohil Garg

On Sunday, 9 March 2014 9:20 PM, Matteo Meucci <matteo.meucci at owasp.org> wrote:
Thank you Irene,
I've just updated the gdocs.

Please @all the authors, take a look if your name is correct or if
someone is missing looking at the tab "Author" (we are updating it):
https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AmEhPtZ0cHq3dDc5ZFI0Nm9oSkhzNkNxTzNJbGdPdVE#gid=0

Irene, please try to update soon your articles, otherwise please send me
the text that I'll update.

Thanks,
Mat

On 03/09/2014 08:59 AM, Irene Abezgauz wrote:
> Hi,
>
> I cannot update the excel, but I've sent in the following section (replaced Babu):
> https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_%28OWASP-AZ-004%29 (Testing for Insecure Direct Object References (OTG-AUTHZ-005) formerly "Testing for Insecure Direct Object References (OWASP-AZ-004)"
>
> quite sure I did other sections (at least one) as well but doesn't seem uploaded them to wiki.
>
>
> in addition, available to assist in reviewing.
>
> Irene
>
>
> -----Original Message-----
> From: owasp-testing-bounces at lists.owasp.org<mailto:owasp-testing-bounces at lists.owasp.org> [mailto:owasp-testing-bounces at lists.owasp.org<mailto:owasp-testing-bounces at lists.owasp.org>] On Behalf Of Matteo Meucci
> Sent: Sunday, March 9, 2014 1:25 AM
> To: owasp-testing at lists.owasp.org<mailto:owasp-testing at lists.owasp.org>
> Cc: Andrew Muller; Davide Danelon
> Subject: [Owasp-testing] Testing Guide V4: Stop writing, start the review
>
> Dear OWASP Testing Guide followers.
> thanks to David who did the last rush, we have closed the Testing Guide Project's first phase!
> Many thanks to all the contributors!
>
> All the articles are closed now.
> Now it is time for the reviewers.
>
> You can see the status here:
> https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AmEhPtZ0cHq3dDc5ZFI0Nm9oSkhzNkNxTzNJbGdPdVE#gid=0
>
> Now the ToC is definitive:
> https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
>
> We deleted many items and 3 chapters:
> - Web Services Testing (no completed at all, it's better to have a separate guide on this)
> - Logging (not in scope of the wapt)
> - Denial of Service (not in scope of the wapt)
>
> Now we have split the set of active tests in 12 sub-categories for a total of 91 controls:
> Information Gathering
> Configuration and Deploy Management Testing Identity Management Testing Authentication Testing Authorization Testing Session Management Testing Data Validation Testing Error Handling Cryptography Logging Business Logic Testing Client Side Testing
>
> NEXT STEP:
> We'll contact all the proposed reviewers asking them to review the Guide in the next 2 weeks:
>> Paolo Perego
>> Daniel Cuthbert
>> Matthew Churcher
>> Lode Vanstechelman
>> Sebastien Gioria
>> Antonio Fontes
>
> Any others that want to help? Please answer only if you can review the guide in the next days.
>
> Deadline: end of March 2014
>
> Thanks!
> Mat & Andrew
>
> --
> Matteo Meucci
> OWASP Testing Guide co-Lead
> OWASP Italy President
>
>
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org<mailto:Owasp-testing at lists.owasp.org>
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>

--
--
Matteo Meucci
OWASP Testing Guide Lead

OWASP Italy President
_______________________________________________
Owasp-testing mailing list
Owasp-testing at lists.owasp.org<mailto:Owasp-testing at lists.owasp.org>
https://lists.owasp.org/mailman/listinfo/owasp-testing

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-testing/attachments/20140310/9f82a5d6/attachment.html>


More information about the Owasp-testing mailing list