[Owasp-testing] v5 Plan?
Matteo Meucci
matteo.meucci at owasp.org
Fri Apr 28 17:50:48 UTC 2017
Perfect,
here is the planand the list of interested to participate at the project.
Introduction and Project purpose for v5
---------------------------------------
The OWASP Testing Guide v4 includes a "best practice" penetration
testing framework which users can implement in their own organizations
and a "low level" penetration testing guide that describes techniques
for testing most common web application and web service security issues.
Nowadays the Testing Guide has become the standard to perform a Web
Application Penetration Testing and many Companies all around the world
have adopted it. It is vital for the project maintaining an updated
project that represents the state of the art for WebAppSec.
Main goals
----------
- Add new testing techniques
- Review and update all the sections in v4;
- Allign the project with the ASVS and OWASP Top 10 vulnerabilities
- Create a more readable guide, eliminating some sections that are not
really useful;
Project v5 Deadlines:
---------------------
- 21st March 2017: Setup the team of interested authors
- 29th April 2017: Start a brainstorming for the new index starting from
"Release Description",
- 10th May 2017: Create the new index and confirm new team,
- 15th May 2017: Starting writing articles first phase,
- 12-16 June 2017: OWASP Summit TGv5 review and brainstorming
- 17th June 2017: Starting writing articles II phase,
- 1st October 2017: Starting the second review phase,
- 15th November 2017: Create the RC1,
- 15th January 2011: Release the version 5.
Interested to participate:
--------------------------
Brad Causey <bradcauseyATgmail.com>
Babu Arokiadas <Babu.ArokiadasATmindtree.com>
Benjamin Robinson <benjamin.robinsonATgmail.com>
Jayanta Karmakar <jayanta.karmakarAThotmail.com>
Dimitri Fousekis <dimitriATbitcrack.net>
Tal Argoni <talATtriad-cybersec.com>
Simone Onofri <simone.onofriATgmail.com>
Donato Onofri <donato.onofriATgmail.com>
Dagoberto Almonacid <dalmunzizATgmail.com>
David Fern <dfernATverizon.net>
Iraah Wehner <contactATitestit-ltd.com>
Kevin Horvath <kevin.horvathATgmail.com>
Aditya Balapure <nauty.me04ATgmail.com>
Mario Robles OWASP <mario.roblesATowasp.org>
Thomas Patzke <thomasATpatzke.org>
Hookings, Stephen <stephen.hookingsATsap.com>
Yasser ABOUKIR <yaboukirATgmail.com>
Mark Roxberry <mark.roxberryATowasp.org>
Achim D. Brucker <adbruckerAT0x5f.org>
Name Surname? ronpalATicloud.com
Hardik Parekh <hardikkparekhATyahoo.com>
Tushar Vartak <tusharvartakATme.com>
sebastien gioria <sebATgioria.org>
Mishra Dhiraj <mishra.dhirajATowasp.org>
Mittal Mehta <mittal28.mehtaATgmail.com>
Anant Shrivastava <anant.shrivastavaATgmail.com>
Safuat Hamdy <safuat.hamdyATsecorvo.de>
Mishra Dhiraj <mishra.dhirajATowasp.org>
Roeun Surname? roeunATlaposte.net
Suhas Desai <desai.suhasATgmail.com>
Juan Manuel Bahamonde <juanmanuel.bahamondeATgmail.com>
Dave Lewis <daveATliquidmatrix.org>
Ismael Goncalves <ismaelrocha.projetosATgmail.com>
Vinaya Sathyanarayana <vinallcontactATgmail.com>
Erez Yalon <erez.yalonATgmail.com>
Tomas Zatko <tomas.zatko at citadelo.com>
Martin Hanic <martin.hanic at citadelo.com>
Amro Surname? <amroATowasp.org>
Tom Harris <harristhAThotmail.com>
tripurari rai <tripurari.raiATgmail.com>
Eduardo Castellanos <guayinATgmail.com>
Frederick Donovan <fred.donovan at owasp.org>
Paolo Perego <thesp0nge at owasp.org>
Kumaradasan, Vijayalakshmi (Allianz India)
<vijayalakshmi.kumaradasan at allianz.com>
Pavol Luptak <pavol.luptak at owasp.org>
Jaume Vich Salas, <capertuxa at gmail.com>
Dan Damelio <TheDoubleD at gmail.com>
Dagoberto Almonacid <dalmunziz at gmail.com>
Rick Mitchell <kingthorinAThotmail.com>
Sathish Babu <sats.in1 at gmail.com>
Are you ready?
Thanks,
Mat
On 29/03/2017 12:04, Sathish Babu wrote:
> Add me also. Apologize for the late request.
>
> Pls share if u have any url to submit the details.
>
> On 22 Mar 2017 12:32 p.m., "Paolo Perego" <thesp0nge at owasp.org
> <mailto:thesp0nge at owasp.org>> wrote:
>
> Count me in!
>
> On Wed, Feb 22, 2017 at 7:58 PM, Matteo Meucci
> <matteo.meucci at owasp.org <mailto:matteo.meucci at owasp.org>> wrote:
>
> Hi,
>
> yes we have to create a timeline for that but we need to
> publish a new version this year. Who wants to join the team
> for v5?
>
>
> We use the OWASP wiki to collaborate to the project.
>
>
> Thanks,
>
> Mat
>
>
>
>
> On 22/02/2017 19:46, R M wrote:
>>
>> Good afternoon Testing Guide list, it's been 2 or 3 years
>> since v4 was published.
>>
>>
>> Is there a plan/timeline for starting to work on v5 yet?
>>
>> Is it going to be a collaborative wiki edit again or is
>> github (https://github.com/OWASP/OWASP-Testing-Guide
>> <https://github.com/OWASP/OWASP-Testing-Guide>) going to be used?
>>
>>
>>
>>
>>
>> _______________________________________________
>> Owasp-testing mailing list
>> Owasp-testing at lists.owasp.org
>> <mailto:Owasp-testing at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>> <https://lists.owasp.org/mailman/listinfo/owasp-testing>
> _______________________________________________ Owasp-testing
> mailing list Owasp-testing at lists.owasp.org
> <mailto:Owasp-testing at lists.owasp.org>
> https://lists.owasp.org/mailman/listinfo/owasp-testing
> <https://lists.owasp.org/mailman/listinfo/owasp-testing>
>
> --
> "... static analysis is fun, again!" OWASP Orizon project leader,
> http://github.com/thesp0nge/owasp-orizon
> <http://github.com/thesp0nge/owasp-orizon> OWASP Esapi Ruby
> project leader, https://github.com/thesp0nge/owasp-esapi-ruby
> <https://github.com/thesp0nge/owasp-esapi-ruby>
> _______________________________________________ Owasp-testing
> mailing list Owasp-testing at lists.owasp.org
> <mailto:Owasp-testing at lists.owasp.org>
> https://lists.owasp.org/mailman/listinfo/owasp-testing
> <https://lists.owasp.org/mailman/listinfo/owasp-testing>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-testing/attachments/20170428/0c3e41bf/attachment.html>
More information about the Owasp-testing
mailing list