Difference between revisions of "OWASP Testing Project v3 Review Roadmap"

Revision as of 11:45, 4 September 2008

This page track all the update to the Testing Guide v3 during the Reviewing phase.

In particular the focus is:
- Review the content of each article
- Review the english sintax
- no "attacker", better "tester"
- no "we describe", but "it is described"

Official Testing Guide Reviewers are:

• Nam Nguyen
• Kevin R.Fuller
• if you want to review it add your name please and keep track of updating

Nam Review:

Aug 31, 2008

• Appendix D
• Appendix C
• Appendix B
• Appendix A
• Chapter 5
  • How to write the report of the testing
    • ``TO UPDATE WITH V3 controls`` is still in the article. Has it been updated to v3? (Mat: I'm updating it, thanks)
• Chapter 4
  • Section 4.11 Testing for AJAX Vulnerabilities
    • There are mentioning of "attackers" but I think they are fine.
    • The subsection on Memory leaks is not complete.
  • Section 4.11 Testing for AJAX
    • The subsection "Intercepting and Debugging JS code with Browsers" is very difficult to understand. I tried to fix it, but I'm afraid what I have might not reflect what the original author wanted to express.

Sep 02, 2008

• Chapter 4
  • Section 4.10
    • Subsection Testing for WS Replay Gray box testing and examples gives incomplete sample code. I believe the call to GetSessionIDMac() missed four parameters. In this same part, using SSL helps in preventing replay attack but it doesnt prevent replay attack by itself.

Sep 04, 2008

• Chapter 4
  • Section 4.9

Kevin Review:

Date
articles reviewed

Date
articles reviewed

Questions: (Mat will answer it)