[Owasp-testing] v5 Plan?
Dinis Cruz
dinis.cruz at owasp.org
Fri Apr 28 19:53:05 UTC 2017
For the work that will be done at the Summit, it will be good to start
expanding on the kind of working sessions you want to do:
http://owaspsummit.org/Working-Sessions/Project-Summit/Testing-Guide-v5.html
Ideally we should make it a Track with multiple Working Sessions.
See for example the Threat Model Track and the OwaspSamm Track
http://owaspsummit.org/Working-Sessions/Threat-Model/
http://owaspsummit.org/Working-Sessions/OwaspSAMM/
Btw, it is now possible to register participation in Summit's Working
Sessions, so if you are going there, please register your interest asap (so
that we can plan the schedule accordingly). If you want to participate
remotely please see this page:
http://owaspsummit.org/website/participants-remote.html
Thanks
Dinis Cruz
On 28 Apr 2017 6:51 pm, "Matteo Meucci" <matteo.meucci at owasp.org> wrote:
> Perfect,
> here is the plan and the list of interested to participate at the project.
>
> Introduction and Project purpose for v5
> ---------------------------------------
> The OWASP Testing Guide v4 includes a "best practice" penetration testing
> framework which users can implement in their own organizations and a "low
> level" penetration testing guide that describes techniques for testing most
> common web application and web service security issues. Nowadays the
> Testing Guide has become the standard to perform a Web Application
> Penetration Testing and many Companies all around the world have adopted
> it. It is vital for the project maintaining an updated project that
> represents the state of the art for WebAppSec.
>
> Main goals
> ----------
> - Add new testing techniques
> - Review and update all the sections in v4;
> - Allign the project with the ASVS and OWASP Top 10 vulnerabilities
> - Create a more readable guide, eliminating some sections that are not
> really useful;
>
>
> Project v5 Deadlines:
> ---------------------
> - 21st March 2017: Setup the team of interested authors
> - 29th April 2017: Start a brainstorming for the new index starting from
> "Release Description",
> - 10th May 2017: Create the new index and confirm new team,
> - 15th May 2017: Starting writing articles first phase,
> - 12-16 June 2017: OWASP Summit TGv5 review and brainstorming
> - 17th June 2017: Starting writing articles II phase,
> - 1st October 2017: Starting the second review phase,
> - 15th November 2017: Create the RC1,
> - 15th January 2011: Release the version 5.
>
> Interested to participate:
> --------------------------
> Brad Causey <bradcauseyATgmail.com>
> Babu Arokiadas <Babu.ArokiadasATmindtree.com>
> Benjamin Robinson <benjamin.robinsonATgmail.com>
> Jayanta Karmakar <jayanta.karmakarAThotmail.com>
> Dimitri Fousekis <dimitriATbitcrack.net>
> Tal Argoni <talATtriad-cybersec.com>
> Simone Onofri <simone.onofriATgmail.com>
> Donato Onofri <donato.onofriATgmail.com>
> Dagoberto Almonacid <dalmunzizATgmail.com>
> David Fern <dfernATverizon.net>
> Iraah Wehner <contactATitestit-ltd.com>
> Kevin Horvath <kevin.horvathATgmail.com>
> Aditya Balapure <nauty.me04ATgmail.com>
> Mario Robles OWASP <mario.roblesATowasp.org>
> Thomas Patzke <thomasATpatzke.org>
> Hookings, Stephen <stephen.hookingsATsap.com>
> Yasser ABOUKIR <yaboukirATgmail.com>
> Mark Roxberry <mark.roxberryATowasp.org>
> Achim D. Brucker <adbruckerAT0x5f.org>
> Name Surname? ronpalATicloud.com
> Hardik Parekh <hardikkparekhATyahoo.com>
> Tushar Vartak <tusharvartakATme.com>
> sebastien gioria <sebATgioria.org>
> Mishra Dhiraj <mishra.dhirajATowasp.org>
> Mittal Mehta <mittal28.mehtaATgmail.com>
> Anant Shrivastava <anant.shrivastavaATgmail.com>
> Safuat Hamdy <safuat.hamdyATsecorvo.de>
> Mishra Dhiraj <mishra.dhirajATowasp.org>
> Roeun Surname? roeunATlaposte.net
> Suhas Desai <desai.suhasATgmail.com>
> Juan Manuel Bahamonde <juanmanuel.bahamondeATgmail.com>
> Dave Lewis <daveATliquidmatrix.org>
> Ismael Goncalves <ismaelrocha.projetosATgmail.com>
> Vinaya Sathyanarayana <vinallcontactATgmail.com>
> Erez Yalon <erez.yalonATgmail.com>
> Tomas Zatko <tomas.zatko at citadelo.com> <tomas.zatko at citadelo.com>
> Martin Hanic <martin.hanic at citadelo.com> <martin.hanic at citadelo.com>
> Amro Surname? <amroATowasp.org>
> Tom Harris <harristhAThotmail.com>
> tripurari rai <tripurari.raiATgmail.com>
> Eduardo Castellanos <guayinATgmail.com>
> Frederick Donovan <fred.donovan at owasp.org> <fred.donovan at owasp.org>
> Paolo Perego <thesp0nge at owasp.org> <thesp0nge at owasp.org>
> Kumaradasan, Vijayalakshmi (Allianz India) <[email protected]
> allianz.com> <vijayalakshmi.kumaradasan at allianz.com>
> Pavol Luptak <pavol.luptak at owasp.org> <pavol.luptak at owasp.org>
> Jaume Vich Salas, <capertuxa at gmail.com> <capertuxa at gmail.com>
> Dan Damelio <TheDoubleD at gmail.com> <TheDoubleD at gmail.com>
> Dagoberto Almonacid <dalmunziz at gmail.com> <dalmunziz at gmail.com>
> Rick Mitchell <kingthorinAThotmail.com>
> Sathish Babu <sats.in1 at gmail.com> <sats.in1 at gmail.com>
>
> Are you ready?
>
> Thanks,
>
> Mat
>
> On 29/03/2017 12:04, Sathish Babu wrote:
>
> Add me also. Apologize for the late request.
>
> Pls share if u have any url to submit the details.
>
> On 22 Mar 2017 12:32 p.m., "Paolo Perego" <thesp0nge at owasp.org> wrote:
>
>> Count me in!
>>
>> On Wed, Feb 22, 2017 at 7:58 PM, Matteo Meucci <matteo.meucci at owasp.org>
>> wrote:
>>
>>> Hi,
>>>
>>> yes we have to create a timeline for that but we need to publish a new
>>> version this year. Who wants to join the team for v5?
>>>
>>>
>>> We use the OWASP wiki to collaborate to the project.
>>>
>>>
>>> Thanks,
>>>
>>> Mat
>>>
>>>
>>>
>>>
>>> On 22/02/2017 19:46, R M wrote:
>>>
>>> Good afternoon Testing Guide list, it's been 2 or 3 years since v4 was
>>> published.
>>>
>>>
>>> Is there a plan/timeline for starting to work on v5 yet?
>>>
>>> Is it going to be a collaborative wiki edit again or is github (
>>> https://github.com/OWASP/OWASP-Testing-Guide) going to be used?
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Owasp-testing mailing listOwasp-testing at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-testing
>>>
>>> _______________________________________________ Owasp-testing mailing
>>> list Owasp-testing at lists.owasp.org https://lists.owasp.org/mailma
>>> n/listinfo/owasp-testing
>>
>> --
>> "... static analysis is fun, again!" OWASP Orizon project leader,
>> http://github.com/thesp0nge/owasp-orizon OWASP Esapi Ruby project
>> leader, https://github.com/thesp0nge/owasp-esapi-ruby
>> _______________________________________________ Owasp-testing mailing
>> list Owasp-testing at lists.owasp.org https://lists.owasp.org/mailma
>> n/listinfo/owasp-testing
>
>
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-testing/attachments/20170428/0523d666/attachment.html>
More information about the Owasp-testing
mailing list