OWASP Testing Project v3 Review Roadmap

Revision as of 13:30, 2 September 2008 by Namn (talk | contribs)

This page tracks all updates to the Testing Guide v3 during the review phase.

In particular the focus is:
- Review the content of each article
- Review the English syntax
- Use "tester" rather than "attacker"
- Use "it is described" rather than "we describe"

Official Testing Guide Reviewers are:

  • Nam Nguyen
  • Kevin R.Fuller
  • If you want to review it, please add your name and keep track of your updates

Nam Review:


Aug 31, 2008

  • Appendix D
  • Appendix C
  • Appendix B
  • Appendix A
  • Chapter 5
  • Chapter 4
    • Section 4.11 Testing for AJAX Vulnerabilities
      • There are mentions of "attackers", but I think they are fine.
      • The subsection on Memory leaks is not complete.
    • Section 4.11 Testing for AJAX
      • The subsection "Intercepting and Debugging JS code with Browsers" is very difficult to understand. I tried to fix it, but I'm afraid what I have might not reflect what the original author wanted to express.

Sep 02, 2008

  • Chapter 4
    • Section 4.10
      • Subsection "Testing for WS Replay", "Gray box testing and examples", gives incomplete sample code. I believe the call to GetSessionIDMac() missed four parameters. In this same part, using SSL helps in preventing replay attacks, but it doesn't prevent replay attacks by itself.


Kevin Review:


Date
articles reviewed

Date
articles reviewed

Questions: (Mat will answer them)