OWASP Testing Project v3 Review Roadmap

This page track all the update to the Testing Guide v3 during the Reviewing phase.

In particular the focus is: - Review the content of each article - Review the english sintax - no "attacker", better "tester" - no "we describe", but "it is described"

Official Testing Guide Reviewers are:
 * Nam Nguyen
 * Kevin R.Fuller
 * if you want to review it add your name please and keep track of updating

Nam Review:

Aug 31, 2008
 * Appendix D
 * Appendix C
 * Appendix B
 * Appendix A
 * Chapter 5
 * How to write the report of the testing
 * ``TO UPDATE WITH V3 controls`` is still in the article. Has it been updated to v3? (Mat: I'm updating it, thanks)
 * Chapter 4
 * Section 4.11 Testing for AJAX Vulnerabilities
 * There are mentioning of "attackers" but I think they are fine.
 * The subsection on Memory leaks is not complete.
 * Section 4.11 Testing for AJAX
 * The subsection "Intercepting and Debugging JS code with Browsers" is very difficult to understand. I tried to fix it, but I'm afraid what I have might not reflect what the original author wanted to express.

Sep 02, 2008
 * Chapter 4
 * Section 4.10
 * Subsection Testing for WS Replay Gray box testing and examples gives incomplete sample code. I believe the call to GetSessionIDMac missed four parameters. In this same part, using SSL helps in preventing replay attack but it doesnt prevent replay attack by itself.

Sep 04, 2008
 * Chapter 4
 * Section 4.9

Kevin Review:

Date articles reviewed Date articles reviewed Questions: (Mat will answer it)