[Owasp-testing] [Newsletter] Re: v5 Plan?

Kumaradasan, Vijayalakshmi (Allianz India) vijayalakshmi.kumaradasan at allianz.com
Tue May 2 07:47:35 UTC 2017

Thanks for the detailed mail.

I’m interested to be the part of the team. Kindly include me too.

From: owasp-testing-bounces+vijayalakshmi.kumaradasan=allianz.com at lists.owasp.org [mailto:owasp-testing-bounces+vijayalakshmi.kumaradasan=allianz.com at lists.owasp.org] On Behalf Of Matteo Meucci
Sent: 28 April 2017 23:21
To: owasp-testing
Cc: Andrew Muller
Subject: [Newsletter] Re: [Owasp-testing] v5 Plan?

here is the plan and the list of interested to participate at the project.

Introduction and Project purpose for v5
The OWASP Testing Guide v4 includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues. Nowadays the Testing Guide has become the standard to perform a Web Application Penetration Testing and many Companies all around the world have adopted it. It is vital for the project maintaining an updated project that represents the state of the art for WebAppSec.

Main goals
- Add new testing techniques
- Review and update all the sections in v4;
- Allign the project with the ASVS and OWASP Top 10 vulnerabilities
- Create a more readable guide, eliminating some sections that are not really useful;

Project v5 Deadlines:
- 21st March 2017: Setup the team of interested authors
- 29th April 2017: Start a brainstorming for the new index starting from "Release Description",
- 10th May 2017: Create the new index and confirm new team,
- 15th May 2017: Starting writing articles first phase,
- 12-16 June 2017: OWASP Summit TGv5 review and brainstorming
- 17th June 2017: Starting writing articles II phase,
- 1st October 2017: Starting the second review phase,
- 15th November 2017: Create the RC1,
- 15th January 2011: Release the version 5.

Interested to participate:
Brad Causey <bradcauseyATgmail.com>
Babu Arokiadas <Babu.ArokiadasATmindtree.com>
Benjamin Robinson <benjamin.robinsonATgmail.com>
Jayanta Karmakar <jayanta.karmakarAThotmail.com>
Dimitri Fousekis <dimitriATbitcrack.net>
Tal Argoni <talATtriad-cybersec.com>
Simone Onofri <simone.onofriATgmail.com>
Donato Onofri <donato.onofriATgmail.com>
Dagoberto Almonacid <dalmunzizATgmail.com>
David Fern <dfernATverizon.net>
Iraah Wehner <contactATitestit-ltd.com>
Kevin Horvath <kevin.horvathATgmail.com>
Aditya Balapure <nauty.me04ATgmail.com>
Mario Robles OWASP <mario.roblesATowasp.org>
Thomas Patzke <thomasATpatzke.org>
Hookings, Stephen <stephen.hookingsATsap.com>
Yasser ABOUKIR <yaboukirATgmail.com>
Mark Roxberry <mark.roxberryATowasp.org>
Achim D. Brucker <adbruckerAT0x5f.org>
Name Surname? ronpalATicloud.com
Hardik Parekh <hardikkparekhATyahoo.com>
Tushar Vartak <tusharvartakATme.com>
sebastien gioria <sebATgioria.org>
Mishra Dhiraj <mishra.dhirajATowasp.org>
Mittal Mehta <mittal28.mehtaATgmail.com>
Anant Shrivastava <anant.shrivastavaATgmail.com>
Safuat Hamdy <safuat.hamdyATsecorvo.de>
Mishra Dhiraj <mishra.dhirajATowasp.org>
Roeun Surname? roeunATlaposte.net
Suhas Desai <desai.suhasATgmail.com>
Juan Manuel Bahamonde <juanmanuel.bahamondeATgmail.com>
Dave Lewis <daveATliquidmatrix.org>
Ismael Goncalves <ismaelrocha.projetosATgmail.com>
Vinaya Sathyanarayana <vinallcontactATgmail.com>
Erez Yalon <erez.yalonATgmail.com>
Tomas Zatko <tomas.zatko at citadelo.com><mailto:tomas.zatko at citadelo.com>
Martin Hanic <martin.hanic at citadelo.com><mailto:martin.hanic at citadelo.com>
Amro Surname? <amroATowasp.org>
Tom Harris <harristhAThotmail.com>
tripurari rai <tripurari.raiATgmail.com>
Eduardo Castellanos <guayinATgmail.com>
Frederick Donovan <fred.donovan at owasp.org><mailto:fred.donovan at owasp.org>
Paolo Perego <thesp0nge at owasp.org><mailto:thesp0nge at owasp.org>
Kumaradasan, Vijayalakshmi (Allianz India) <vijayalakshmi.kumaradasan at allianz.com><mailto:vijayalakshmi.kumaradasan at allianz.com>
Pavol Luptak <pavol.luptak at owasp.org><mailto:pavol.luptak at owasp.org>
Jaume Vich Salas, <capertuxa at gmail.com><mailto:capertuxa at gmail.com>
Dan Damelio <TheDoubleD at gmail.com><mailto:TheDoubleD at gmail.com>
Dagoberto Almonacid <dalmunziz at gmail.com><mailto:dalmunziz at gmail.com>
Rick Mitchell <kingthorinAThotmail.com>
Sathish Babu <sats.in1 at gmail.com><mailto:sats.in1 at gmail.com>

Are you ready?



On 29/03/2017 12:04, Sathish Babu wrote:
Add me also. Apologize for the late request.

Pls share if u have any url to submit the details.

On 22 Mar 2017 12:32 p.m., "Paolo Perego" <thesp0nge at owasp.org<mailto:thesp0nge at owasp.org>> wrote:
Count me in!

On Wed, Feb 22, 2017 at 7:58 PM, Matteo Meucci <matteo.meucci at owasp.org<mailto:matteo.meucci at owasp.org>> wrote:


yes we have to create a timeline for that but we need to publish a new version this year. Who wants to join the team for v5?

We use the OWASP wiki to collaborate to the project.



On 22/02/2017 19:46, R M wrote:

Good afternoon Testing Guide list, it's been 2 or 3 years since v4 was published.

Is there a plan/timeline for starting to work on v5 yet?

Is it going to be a collaborative wiki edit again or is github (https://github.com/OWASP/OWASP-Testing-Guide) going to be used?


Owasp-testing mailing list

Owasp-testing at lists.owasp.org<mailto:Owasp-testing at lists.owasp.org>

_______________________________________________ Owasp-testing mailing list Owasp-testing at lists.owasp.org<mailto:Owasp-testing at lists.owasp.org> https://lists.owasp.org/mailman/listinfo/owasp-testing
"... static analysis is fun, again!" OWASP Orizon project leader, http://github.com/thesp0nge/owasp-orizon OWASP Esapi Ruby project leader, https://github.com/thesp0nge/owasp-esapi-ruby
_______________________________________________ Owasp-testing mailing list Owasp-testing at lists.owasp.org<mailto:Owasp-testing at lists.owasp.org> https://lists.owasp.org/mailman/listinfo/owasp-testing
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-testing/attachments/20170502/16e9173a/attachment.html>

More information about the Owasp-testing mailing list