[Owasp-testing] Testing Guide V4: Stop writing, start the review

Tomas Zatko tomas.zatko at citadelo.com
Fri Mar 14 08:22:41 UTC 2014


Hi Guys,

I pointed out few such duplicities in my mail from December 16 but got no response. This is original email in the archive:
http://lists.owasp.org/pipermail/owasp-testing/2013-December/002257.html
Could you please find a minute to read and comment on it? Thank you.
I am not sure what changed since then (chapter names, etc) but can check it again later today.

-- 
Ing. Tomáš Zaťko
Chief Executive Officer
Citadelo s.r.o.
Lazaretská 12
81108 Bratislava
+421 910 865 225

On 13 Mar 2014, at 23:46, Eduardo Castellanos <guayin at gmail.com> wrote:

> Hello Mateo, 
> 
> I'd like to help reviewing. Actually I already started. I found that the content for  (OTG-INFO-011) is the same as (OTG-INFO-002). 
> 
> I also found that (OTG-CONFIG-011) included CORS, which is already covered in another separate section. (I'm the author of this one). 
> 
> I'm also adding some text and examples to tests.
> 
> I'll let you know of anything else I find. 
> 
> Cheers,
> 
> Eduardo Castellanos N.
> 
> 
> On Sun, Mar 9, 2014 at 12:24 AM, Matteo Meucci <matteo.meucci at owasp.org> wrote:
> Dear OWASP Testing Guide followers.
> thanks to David who did the last rush, we have closed the Testing Guide
> Project's first phase!
> Many thanks to all the contributors!
> 
> All the articles are closed now.
> Now it is time for the reviewers.
> 
> You can see the status here:
> https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AmEhPtZ0cHq3dDc5ZFI0Nm9oSkhzNkNxTzNJbGdPdVE#gid=0
> 
> Now the ToC is definitive:
> https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
> 
> We deleted many items and 3 chapters:
> - Web Services Testing (no completed at all, it's better to have a
> separate guide on this)
> - Logging (not in scope of the wapt)
> - Denial of Service (not in scope of the wapt)
> 
> Now we have split the set of active tests in 12 sub-categories for a
> total of 91 controls:
> Information Gathering
> Configuration and Deploy Management Testing
> Identity Management Testing
> Authentication Testing
> Authorization Testing
> Session Management Testing
> Data Validation Testing
> Error Handling
> Cryptography
> Logging
> Business Logic Testing
> Client Side Testing
> 
> NEXT STEP:
> We'll contact all the proposed reviewers asking them to review the
> Guide in the next 2 weeks:
> > Paolo Perego
> > Daniel Cuthbert
> > Matthew Churcher
> > Lode Vanstechelman
> > Sebastien Gioria
> > Antonio Fontes
> 
> Any others that want to help? Please answer only if you can review the
> guide in the next days.
> 
> Deadline: end of March 2014
> 
> Thanks!
> Mat & Andrew
> 
> --
> Matteo Meucci
> OWASP Testing Guide co-Lead
> OWASP Italy President
> 
> 
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
> 
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-testing/attachments/20140314/32e5cb26/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4154 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-testing/attachments/20140314/32e5cb26/attachment.bin>


More information about the Owasp-testing mailing list