[Owasp-testing] Testing Guide V4: Stop writing, start the review

Anant Shrivastava anant.shrivastava at gmail.com
Fri Mar 14 09:29:32 UTC 2014


Hi everyone,

More details on this duplication issue.

Initially only one article was listed, marking it as testing/fingerprinting
of web server and applications, and hence it was bifurcated into two different
articles to clearly list both app fingerprinting and server fingerprinting.

However, web application fingerprinting is now covered here:
https://www.owasp.org/index.php/Fingerprint_Web_Application_Framework_(OTG-INFO-009)


Hence the optimum solution would be:
1) Delete:
https://www.owasp.org/index.php/Testing_for_Web_Application_(OTG-INFO-011)
2) Keep:
https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002)
3) Keep:
https://www.owasp.org/index.php/Fingerprint_Web_Application_Framework_(OTG-INFO-009)

I hope this helps.


Anant Shrivastava
Web : http://anantshri.info


On Fri, Mar 14, 2014 at 1:52 PM, Tomas Zatko <tomas.zatko at citadelo.com> wrote:

> Hi Guys,
>
> I pointed out a few such duplicities in my mail from December 16 but got no
> response. This is the original email in the archive:
> http://lists.owasp.org/pipermail/owasp-testing/2013-December/002257.html
> Could you please find a minute to read and comment on it? Thank you.
> I am not sure what changed since then (chapter names, etc) but can check
> it again later today.
>
> --
> Ing. Tomáš Zaťko
> Chief Executive Officer
> Citadelo s.r.o.
> Lazaretská 12
> 81108 Bratislava
> +421 910 865 225
>
> On 13 Mar 2014, at 23:46, Eduardo Castellanos <guayin at gmail.com> wrote:
>
> Hello Matteo,
>
> I'd like to help reviewing. Actually I already started. I found that the
> content for (OTG-INFO-011) is the same as (OTG-INFO-002).
>
> I also found that (OTG-CONFIG-011) included CORS, which is already covered
> in another separate section. (I'm the author of this one).
>
> I'm also adding some text and examples to tests.
>
> I'll let you know of anything else I find.
>
> Cheers,
>
> Eduardo Castellanos N.
>
>
> On Sun, Mar 9, 2014 at 12:24 AM, Matteo Meucci <matteo.meucci at owasp.org> wrote:
>
>> Dear OWASP Testing Guide followers.
>> Thanks to David who did the last rush, we have closed the Testing Guide
>> Project's first phase!
>> Many thanks to all the contributors!
>>
>> All the articles are closed now.
>> Now it is time for the reviewers.
>>
>> You can see the status here:
>>
>> https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AmEhPtZ0cHq3dDc5ZFI0Nm9oSkhzNkNxTzNJbGdPdVE#gid=0
>>
>> Now the ToC is definitive:
>> https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
>>
>> We deleted many items and 3 chapters:
>> - Web Services Testing (not completed at all, it's better to have a
>> separate guide on this)
>> - Logging (not in scope of the wapt)
>> - Denial of Service (not in scope of the wapt)
>>
>> Now we have split the set of active tests into 12 sub-categories for a
>> total of 91 controls:
>> Information Gathering
>> Configuration and Deploy Management Testing
>> Identity Management Testing
>> Authentication Testing
>> Authorization Testing
>> Session Management Testing
>> Data Validation Testing
>> Error Handling
>> Cryptography
>> Logging
>> Business Logic Testing
>> Client Side Testing
>>
>> NEXT STEP:
>> We'll contact all the proposed reviewers asking them to review the
>> Guide in the next 2 weeks:
>> > Paolo Perego
>> > Daniel Cuthbert
>> > Matthew Churcher
>> > Lode Vanstechelman
>> > Sebastien Gioria
>> > Antonio Fontes
>>
>> Any others that want to help? Please answer only if you can review the
>> guide in the next days.
>>
>> Deadline: end of March 2014
>>
>> Thanks!
>> Mat & Andrew
>>
>> --
>> Matteo Meucci
>> OWASP Testing Guide co-Lead
>> OWASP Italy President
>>
>>
>> _______________________________________________
>> Owasp-testing mailing list
>> Owasp-testing at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>