[Owasp-testing] v5 Plan?

Safuat Hamdy safuat.hamdy at secorvo.de
Tue May 2 08:04:32 UTC 2017


Good to see that activity is gaining momentum. In the meantime, I’ve worked on identifying and making explicit the potential for improvement. As I told Matteo before, I worked on a mapping between OTGv4, OTGv3, ASVS 3.0.1 Level 1, Top Ten 2013, the methodology of the Web App Hacker’s Handbook (Ch. 21 therein), CAPEC and CWE. So, will there be some space where I can upload the mapping? Moreover, while carving out the details of the map some ideas came to my mind about what changes to the OTG methodology (i.e. Ch. 4 of the Testing Guide) I envision, and I would like to share and discuss my ideas as well. Again, where to upload?



Dr. Safuat Hamdy
Security Consulting

Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruhe
Tel. +49 721 255171-304, Fax +49 721 255171-100
safuat.hamdy at secorvo.de, http://www.secorvo.de
PGP: 6A83 EC49 8474 D77C 1258  AE91 4BB4 8DEE 952A 2506

Mannheim HRB 108319, Managing Director: Dirk Fox

From: owasp-testing-bounces+safuat.hamdy=secorvo.de at lists.owasp.org [mailto:owasp-testing-bounces+safuat.hamdy=secorvo.de at lists.owasp.org] On behalf of Matteo Meucci
Sent: Friday, 28 April 2017 19:51
To: owasp-testing <owasp-testing at lists.owasp.org>
Cc: Andrew Muller <andrew.muller at owasp.org>
Subject: Re: [Owasp-testing] v5 Plan?

Here is the plan and the list of those interested in participating in the project.


Main goals
- Add new testing techniques
- Review and update all the sections in v4;
- Align the project with the ASVS and OWASP Top 10 vulnerabilities
- Create a more readable guide, eliminating some sections that are not really useful;
