[Owasp-testing] v5 Plan?

Simone Onofri simone.onofri at gmail.com
Fri Apr 28 19:31:21 UTC 2017


Hi Mat,

Thank you. We can add some other injection we have.

Also can make sense:
- a part on the test planning and roe
- something about the use of the tg checklist and also
exploitation/post-exploitation part? Thinking about nist/ptes if this can
make sense in the otg context

regards,

Simone

On Fri, 28 Apr 2017 at 19:51, Matteo Meucci <matteo.meucci at owasp.org> wrote:

> Perfect,
> here is the plan and the list of interested to participate at the project.
>
> Introduction and Project purpose for v5
> ---------------------------------------
> The OWASP Testing Guide v4 includes a "best practice" penetration testing
> framework which users can implement in their own organizations and a "low
> level" penetration testing guide that describes techniques for testing most
> common web application and web service security issues. Nowadays the
> Testing Guide has become the standard to perform a Web Application
> Penetration Testing and many Companies all around the world have adopted
> it. It is vital for the project maintaining an updated project that
> represents the state of the art for WebAppSec.
>
> Main goals
> ----------
> - Add new testing techniques
> - Review and update all the sections in v4;
> - Align the project with the ASVS and OWASP Top 10 vulnerabilities
> - Create a more readable guide, eliminating some sections that are not
> really useful;
>
>
> Project v5 Deadlines:
> ---------------------
> - 21st March 2017: Setup the team of interested authors
> - 29th April 2017: Start a brainstorming for the new index starting from
> "Release Description",
> - 10th May 2017: Create the new index and confirm new team,
> - 15th May 2017: Starting writing articles first phase,
> - 12-16 June 2017: OWASP Summit TGv5 review and brainstorming
> - 17th June 2017: Starting writing articles II phase,
> - 1st October 2017: Starting the second review phase,
> - 15th November 2017: Create the RC1,
> - 15th January 2011: Release the version 5.
>
> Interested to participate:
> --------------------------
>
> Brad Causey <bradcauseyATgmail.com>
> Babu Arokiadas <Babu.ArokiadasATmindtree.com>
> Benjamin Robinson <benjamin.robinsonATgmail.com>
> Jayanta Karmakar <jayanta.karmakarAThotmail.com>
> Dimitri Fousekis <dimitriATbitcrack.net>
> Tal Argoni <talATtriad-cybersec.com>
> Simone Onofri <simone.onofriATgmail.com>
> Donato Onofri <donato.onofriATgmail.com>
> Dagoberto Almonacid <dalmunzizATgmail.com>
> David Fern <dfernATverizon.net>
> Iraah Wehner <contactATitestit-ltd.com>
> Kevin Horvath <kevin.horvathATgmail.com>
> Aditya Balapure <nauty.me04ATgmail.com>
> Mario Robles OWASP <mario.roblesATowasp.org>
> Thomas Patzke <thomasATpatzke.org>
> Hookings, Stephen <stephen.hookingsATsap.com>
> Yasser ABOUKIR <yaboukirATgmail.com>
> Mark Roxberry <mark.roxberryATowasp.org>
> Achim D. Brucker <adbruckerAT0x5f.org>
> Name Surname? ronpalATicloud.com
> Hardik Parekh <hardikkparekhATyahoo.com>
> Tushar Vartak <tusharvartakATme.com>
> sebastien gioria <sebATgioria.org>
> Mishra Dhiraj <mishra.dhirajATowasp.org>
> Mittal Mehta <mittal28.mehtaATgmail.com>
> Anant Shrivastava <anant.shrivastavaATgmail.com>
> Safuat Hamdy <safuat.hamdyATsecorvo.de>
> Mishra Dhiraj <mishra.dhirajATowasp.org>
> Roeun Surname? roeunATlaposte.net
> Suhas Desai <desai.suhasATgmail.com>
> Juan Manuel Bahamonde <juanmanuel.bahamondeATgmail.com>
> Dave Lewis <daveATliquidmatrix.org>
> Ismael Goncalves <ismaelrocha.projetosATgmail.com>
>
> Vinaya Sathyanarayana <vinallcontactATgmail.com>
> Erez Yalon <erez.yalonATgmail.com>
> Tomas Zatko <tomas.zatko at citadelo.com>
> Martin Hanic <martin.hanic at citadelo.com>
>
> Amro Surname? <amroATowasp.org>
> Tom Harris <harristhAThotmail.com>
> tripurari rai <tripurari.raiATgmail.com>
> Eduardo Castellanos <guayinATgmail.com>
> Frederick Donovan <fred.donovan at owasp.org>
> Paolo Perego <thesp0nge at owasp.org>
> Kumaradasan, Vijayalakshmi (Allianz India) <vijayalakshmi.kumaradasan at allianz.com>
> Pavol Luptak <pavol.luptak at owasp.org>
> Jaume Vich Salas <capertuxa at gmail.com>
> Dan Damelio <TheDoubleD at gmail.com>
> Dagoberto Almonacid <dalmunziz at gmail.com>
> Rick Mitchell <kingthorinAThotmail.com>
> Sathish Babu <sats.in1 at gmail.com>
>
> Are you ready?
>
> Thanks,
>
> Mat
>
> On 29/03/2017 12:04, Sathish Babu wrote:
>
> Add me also. Apologize for the late request.
>
> Pls share if u have any url to submit the details.
>
> On 22 Mar 2017 12:32 p.m., "Paolo Perego" <thesp0nge at owasp.org> wrote:
>
>> Count me in!
>>
>> On Wed, Feb 22, 2017 at 7:58 PM, Matteo Meucci <matteo.meucci at owasp.org>
>> wrote:
>>
>>> Hi,
>>>
>>> yes we have to create a timeline for that but we need to publish a new
>>> version this year. Who wants to join the team for v5?
>>>
>>>
>>> We use the OWASP wiki to collaborate to the project.
>>>
>>>
>>> Thanks,
>>>
>>> Mat
>>>
>>>
>>>
>>>
>>> On 22/02/2017 19:46, R M wrote:
>>>
>>> Good afternoon Testing Guide list, it's been 2 or 3 years since v4 was
>>> published.
>>>
>>>
>>> Is there a plan/timeline for starting to work on v5 yet?
>>>
>>> Is it going to be a collaborative wiki edit again or is github (
>>> https://github.com/OWASP/OWASP-Testing-Guide) going to be used?
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Owasp-testing mailing list
>>> Owasp-testing at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>>
>>
>> --
>> "... static analysis is fun, again!" OWASP Orizon project leader,
>> http://github.com/thesp0nge/owasp-orizon OWASP Esapi Ruby project
>> leader, https://github.com/thesp0nge/owasp-esapi-ruby
>