[Owasp-testing] Testing Guide V4: Stop writing, start the review

Matteo Meucci matteo.meucci at owasp.org
Sun Mar 16 19:05:26 UTC 2014


Hi,
Yes, I agree we can delete Testing_for_Web_Application_(OTG-INFO-011).
Davide, do you agree?

Thanks,
Mat


On 03/14/2014 10:29 AM, Anant Shrivastava wrote:
> Hi everyone,
> 
> More details on this duplication issue.
> 
> Initially only one article was listed marking it as
> testing/fingerprinting of web server and applications and hence it was
> bifurcated to two different articles to clearly list both app
> fingerprinting and server fingerprinting.
> 
> However, web application fingerprinting is now covered here:
> https://www.owasp.org/index.php/Fingerprint_Web_Application_Framework_(OTG-INFO-009)
> 
> 
> Hence the most optimum solution would be:
> 1) Delete:
> https://www.owasp.org/index.php/Testing_for_Web_Application_(OTG-INFO-011)
> 2) Keep:
> https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002)
> 3) Keep:
> https://www.owasp.org/index.php/Fingerprint_Web_Application_Framework_(OTG-INFO-009)
> 
> I hope this helps.
> 
> 
> Anant Shrivastava 
> Web: http://anantshri.info
> 
> 
> On Fri, Mar 14, 2014 at 1:52 PM, Tomas Zatko <tomas.zatko at citadelo.com> wrote:
> 
>     Hi Guys,
> 
>     I pointed out a few such duplicities in my mail from December 16 but
>     got no response. This is the original email in the archive:
>     http://lists.owasp.org/pipermail/owasp-testing/2013-December/002257.html
>     Could you please find a minute to read and comment on it? Thank you.
>     I am not sure what changed since then (chapter names, etc) but can
>     check it again later today.
> 
>     -- 
>     Ing. Tomáš Zaťko
>     Chief Executive Officer
>     Citadelo s.r.o.
>     Lazaretská 12
>     81108 Bratislava
>     +421 910 865 225
> 
>     On 13 Mar 2014, at 23:46, Eduardo Castellanos <guayin at gmail.com> wrote:
> 
>>     Hello Mateo, 
>>
>>     I'd like to help reviewing. Actually I already started. I found
>>     that the content for (OTG-INFO-011) is the same as (OTG-INFO-002).
>>
>>     I also found that (OTG-CONFIG-011) included CORS, which is already
>>     covered in another separate section. (I'm the author of this one). 
>>
>>     I'm also adding some text and examples to tests.
>>
>>     I'll let you know of anything else I find. 
>>
>>     Cheers,
>>
>>     Eduardo Castellanos N.
>>
>>
>>     On Sun, Mar 9, 2014 at 12:24 AM, Matteo Meucci
>>     <matteo.meucci at owasp.org> wrote:
>>
>>         Dear OWASP Testing Guide followers,
>>         thanks to David who did the last rush, we have closed the
>>         Testing Guide Project's first phase!
>>         Many thanks to all the contributors!
>>
>>         All the articles are closed now.
>>         Now it is time for the reviewers.
>>
>>         You can see the status here:
>>         https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AmEhPtZ0cHq3dDc5ZFI0Nm9oSkhzNkNxTzNJbGdPdVE#gid=0
>>
>>         Now the ToC is definitive:
>>         https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
>>
>>         We deleted many items and 3 chapters:
>>         - Web Services Testing (not completed at all, it's better to have a
>>         separate guide on this)
>>         - Logging (not in scope of the wapt)
>>         - Denial of Service (not in scope of the wapt)
>>
>>         Now we have split the set of active tests into 12 sub-categories
>>         for a total of 91 controls:
>>         Information Gathering
>>         Configuration and Deploy Management Testing
>>         Identity Management Testing
>>         Authentication Testing
>>         Authorization Testing
>>         Session Management Testing
>>         Data Validation Testing
>>         Error Handling
>>         Cryptography
>>         Logging
>>         Business Logic Testing
>>         Client Side Testing
>>
>>         NEXT STEP:
>>         We'll contact all the proposed reviewers asking them to review the
>>         Guide in the next 2 weeks:
>>         > Paolo Perego
>>         > Daniel Cuthbert
>>         > Matthew Churcher
>>         > Lode Vanstechelman
>>         > Sebastien Gioria
>>         > Antonio Fontes
>>
>>         Any others that want to help? Please answer only if you can
>>         review the guide in the next days.
>>
>>         Deadline: end of March 2014
>>
>>         Thanks!
>>         Mat & Andrew
>>
>>         --
>>         Matteo Meucci
>>         OWASP Testing Guide co-Lead
>>         OWASP Italy President
>>
>>
>>         _______________________________________________
>>         Owasp-testing mailing list
>>         Owasp-testing at lists.owasp.org
>>         <mailto:Owasp-testing at lists.owasp.org>
>>         https://lists.owasp.org/mailman/listinfo/owasp-testing
>>
>>

-- 
Matteo Meucci
OWASP Testing Guide Lead
OWASP Italy President

