This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Testing Project v3 Review Roadmap
From OWASP
This page track all the update to the Testing Guide v3 during the Reviewing phase.
In particular the focus is:
- Review the content of each article
- Review the english sintax
- no "attacker", better "tester"
- no "we describe", but "it is described"
Official Testing Guide Reviewers are:
- Nam Nguyen
- Kevin R.Fuller
- if you want to review it add your name please and keep track of updating
Nam Review:
Aug 31, 2008
- Appendix D
- Appendix C
- Appendix B
- Appendix A
- Chapter 5
- How to write the report of the testing
- ``TO UPDATE WITH V3 controls`` is still in the article. Has it been updated to v3? (Mat: I'm updating it, thanks)
- How to write the report of the testing
- Chapter 4
- Section 4.11 Testing for AJAX Vulnerabilities
- There are mentioning of "attackers" but I think they are fine.
- The subsection on Memory leaks is not complete.
- Section 4.11 Testing for AJAX
- The subsection "Intercepting and Debugging JS code with Browsers" is very difficult to understand. I tried to fix it, but I'm afraid what I have might not reflect what the original author wanted to express.
- Section 4.11 Testing for AJAX Vulnerabilities
Sep 02, 2008
- Chapter 4
- Section 4.10
- Subsection Testing for WS Replay Gray box testing and examples gives incomplete sample code. I believe the call to GetSessionIDMac() missed four parameters. In this same part, using SSL helps in preventing replay attack but it doesnt prevent replay attack by itself.
- Section 4.10
Sep 04, 2008
- Chapter 4
- Section 4.9
Kevin Review:
Date
articles reviewed
Date
articles reviewed
Questions: (Mat will answer it)