OWASP Testing Guide v2 Review Panel

13th November, 0 AM (GMT+1)

We are waiting for the following articles:

 * 4.2.2 Spidering and googling (0%, Tom Brennan, Tom Ryan)
 * 4.2.4.2 DB Listener Testing (0%, Alexander Kornbrust)
 * 4.5.5 HTTP Exploit (0%, Arian J. Evans)
 * 4.6.2.1 Stored procedure injection (0%, TD)
 * 4.6.2.2 Oracle testing (0%, Alexander Kornbrust)
 * 4.6.4 ORM Injection (0%, TD)
 * 5. Writing Reports: value the real risk
 * 5.1 How to value the real risk (50%, Daniel Cuthbert, Matteo Meucci, Sebastien Deleersnyder, Marco Morana)
 * 5.2 How to write the report of the testing (0%, Daniel Cuthbert, Tom Brennan, Tom Ryan)

Here is the complete list of articles to be reviewed:

1 of 1 article to be reviewed
 * Introduction

1 of 1 article to be reviewed
 * The OWASP Testing Framework

1 of 1 article to be reviewed (no Meucci, Reviewed by EK)
 * 4.1 Introduction and objectives

9 of 10 articles to be reviewed
 * 4.2 Information Gathering (Reviewed by EK)

1 of 1 article to be reviewed
 * 4.3 Business logic testing

5 of 5 articles to be reviewed (No Meucci, no Revelli)
 * 4.4 Authentication Testing

5 of 6 articles to be reviewed (No Meucci)
 * 4.5 Session Management Testing

18 of 21 articles to be reviewed
 * 4.6 Data Validation Testing

8 of 8 articles to be reviewed
 * 4.7 Denial of Service Testing

6 of 6 articles to be reviewed (No Keary)
 * 4.8 Web Services Testing

6 of 6 articles to be reviewed (No Di Paola)
 * 4.9 AJAX Testing

We have to write about it. I consider it not yet finished. 0 of 3 articles to be reviewed.
 * Writing Reports: value the real risk

1 article of 1: need to update it, searching all the guide for paragraphs: tools
 * Appendix A: Testing Tools

1 article of 1: need to update it, searching all the guide for paragraphs: tools
 * Appendix B: Suggested Reading

Needs to be updated
 * Appendix C: Fuzz Vectors

Reviewers' Rules

1) Check the English language
2) Check the template: the articles in chapter 4 should have the following:

Template

Brief Summary
...here: we describe in "natural language" what we want to test.

Description of the Issue
...here: Short Description of the Issue: Topic and Explanation

Black Box testing and example
Testing for Topic X vulnerabilities: ...
Result Expected: ...

Gray Box testing and example
Testing for Topic X vulnerabilities: ...
Result Expected: ...