
Difference between revisions of "OWASP Testing Project v3 Review Roadmap"

Line 29: Line 29:
 
*** The subsection "Intercepting and Debugging JS code with Browsers" is very difficult to understand. I tried to fix it, but I'm afraid what I have might not reflect what the original author wanted to express.
 
*** The subsection "Intercepting and Debugging JS code with Browsers" is very difficult to understand. I tried to fix it, but I'm afraid what I have might not reflect what the original author wanted to express.
  
Date<br>
+
Sep 02, 2008
articles reviewed<br><br>
+
* Chapter 4
Questions: (Mat will answer it)<br>
+
** Section 4.10
 +
*** Subsection [[Testing for WS Replay]] Gray box testing and examples gives incomplete sample code. I believe the call to GetSessionIDMac() missed four parameters. In this same part, using SSL helps in preventing replay attack but it doesnt prevent replay attack by itself.
  
  

Revision as of 13:30, 2 September 2008

This page tracks all updates to the Testing Guide v3 during the review phase.

In particular, the focus is:
- Review the content of each article
- Review the English syntax
- no "attacker", better "tester"
- no "we describe", but "it is described"

Official Testing Guide Reviewers are:

  • Nam Nguyen
  • Kevin R.Fuller
  • If you want to review it, please add your name and keep track of your updates

Nam Review:


Aug 31, 2008

  • Appendix D
  • Appendix C
  • Appendix B
  • Appendix A
  • Chapter 5
  • Chapter 4
    • Section 4.11 Testing for AJAX Vulnerabilities
      • There are mentions of "attackers", but I think they are fine.
      • The subsection on Memory leaks is not complete.
    • Section 4.11 Testing for AJAX
      • The subsection "Intercepting and Debugging JS code with Browsers" is very difficult to understand. I tried to fix it, but I'm afraid what I have might not reflect what the original author wanted to express.

Sep 02, 2008

  • Chapter 4
    • Section 4.10
      • The subsection "Testing for WS Replay", Gray box testing and examples, gives incomplete sample code. I believe the call to GetSessionIDMac() is missing four parameters. In the same part, using SSL helps in preventing replay attacks, but it doesn't prevent replay attacks by itself.
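As an added illustration of the point raised in the Sep 02 entry (this is example code written for this page, not from the Testing Guide or the reviewer): a server-side check that rejects a resent message even though it carries a valid MAC and arrived over TLS. The real parameters of GetSessionIDMac() are not given on this page, so the fields covered by session_id_mac() below (session id, timestamp, nonce) and the demo secret are assumptions.

```python
import hmac
import hashlib
import time

# Assumption: the MAC covers the session id, a timestamp and a per-message nonce,
# and the client sends all three alongside the MAC. The key is a constructed demo value.
SECRET = b"server-side-secret-demo"
WINDOW_SECONDS = 300


def session_id_mac(session_id, timestamp, nonce, secret=SECRET):
    """Hypothetical stand-in for the guide's GetSessionIDMac(): HMAC over the replay-relevant fields."""
    msg = f"{session_id}|{timestamp}|{nonce}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class ReplayChecker:
    """A valid MAC is necessary but not sufficient: freshness and nonce uniqueness are checked too."""

    def __init__(self, secret=SECRET, window=WINDOW_SECONDS):
        self.secret = secret
        self.window = window
        self.seen = {}  # nonce -> timestamp; a real service needs a shared store with expiry

    def verify(self, message, now=None):
        now = int(time.time()) if now is None else now
        expected = session_id_mac(message["session_id"], message["timestamp"],
                                  message["nonce"], self.secret)
        if not hmac.compare_digest(expected, message["mac"]):
            return False, "bad mac"
        if abs(now - message["timestamp"]) > self.window:
            return False, "stale timestamp"
        # Drop nonces older than the window; anything older is already rejected as stale.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if message["nonce"] in self.seen:
            return False, "replayed nonce"
        self.seen[message["nonce"]] = message["timestamp"]
        return True, "ok"


def build_message(session_id, timestamp, nonce, secret=SECRET):
    return {"session_id": session_id, "timestamp": timestamp, "nonce": nonce,
            "mac": session_id_mac(session_id, timestamp, nonce, secret)}


def demo():
    checker = ReplayChecker()
    now = 1_220_346_000  # constructed fixed clock so the run is repeatable
    captured = build_message("sess-42", now, "n-001")  # a message observed on the wire
    first = checker.verify(captured, now)            # genuine delivery: accepted
    replay = checker.verify(dict(captured), now + 5)  # same bytes resent: TLS carries it unchanged
    tampered = dict(captured, session_id="sess-43")   # field changed without re-MACing
    return first, replay, checker.verify(tampered, now)
```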


Kevin Review:


Date
articles reviewed

Questions: (Mat will answer it)