Difference between revisions of "OWASP Autumn of Code 2006 - Projects: Testing Guide"

 
(24 intermediate revisions by 3 users not shown)
Line 1: Line 1:
'''AoC Candidate:''' Matteo
+
== The new OWASP Testing Guide ==
  
'''Project Coordinator:''' Eoin Keary
+
January 2007: '''The OWASP Testing Guide v2 is completed!'''
 +
* You can read it on line here: [[http://www.owasp.org/index.php/Category:OWASP_Testing_Project  Testing Guide Project]]
  
'''Project Progress:''' 0% Complete - [[OWASP_Autumn_of_Code_2006_-_Projects:_Testing_Guide_-_Progress|Progress Page]]
+
== Project History ==
  
== Background and Motivation ==
+
'''AoC Candidate:''' Matteo Meucci
 +
 
 +
'''Project Coordinator:''' [[User:EoinKeary|Eoin Keary]]<BR>
 +
'''Project Progress:''' 99.9% Complete - [[OWASP_Autumn_of_Code_2006_-_Projects:_Testing_Guide_-_Progress|Progress Page]]
 +
 
 +
=== Background and Motivation ===
  
 
'''History Behind Project'''
 
'''History Behind Project'''
 
The Testing guide originated in 2003 with Dan Cuthbert as one of the original editors. It was handed over to Eoin Keary in 2005 and transformed into a wiki.
 
The Testing guide originated in 2003 with Dan Cuthbert as one of the original editors. It was handed over to Eoin Keary in 2005 and transformed into a wiki.
 
Being a wiki it is easier for people to contribute and should make updating much easier.
 
Being a wiki it is easier for people to contribute and should make updating much easier.
Matteo Meucci has decided to take on the Testing guide (which is not a trivial feat) and update it.
+
[[User:Mmeucci|Matteo Meucci]] has decided to take on the Testing guide (which is not a trivial feat) and update it.
  
 
'''Problem to be Addressed'''
 
'''Problem to be Addressed'''
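Review bot: the added bullet "You can read it on line here" wraps an external URL in double square brackets. MediaWiki external links take single brackets, as the progress-page link further down this page does, so the doubled form leaves stray brackets around the rendered link. Suggest single brackets with one space before the label "Testing Guide Project", and "online" for "on line". The same hunk announces v2 as completed while the added Project Progress line reads 99.9% Complete; the two should agree.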
Line 18: Line 24:
 
A reference to the testing community that is updated by the community. It should provide many of the answers one would look for when testing the security of a web application.
 
A reference to the testing community that is updated by the community. It should provide many of the answers one would look for when testing the security of a web application.
  
== Goals and Deliverables ==  
+
=== Goals and Deliverables ===
  
The guide to be updated with a defined list pf topics and the current guide reviewed.
+
The guide to be updated with a defined list of topics and the current guide reviewed.
 
the list of additional topics has been agreed with the AoC.
 
the list of additional topics has been agreed with the AoC.
  
 
'''Plan of Approach'''
 
'''Plan of Approach'''
A review of the existing matireal is required firstly.
+
A review of the existing material is required first.
any matier that required updatign shall be rectified then.
+
Any material that required an update shall be rectified then.
A defined list of additional topics shall then be added. The must be reviewed also for quality.
+
A defined list of additional topics shall then be added. They must be reviewed also for quality.
 
* Please refer to the [http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Projects:_Testing_Guide_-_Progress progress page] for updated information about the project
 
* Please refer to the [http://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Projects:_Testing_Guide_-_Progress progress page] for updated information about the project
Here is the working [http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents Testing Guide] to be reviewed
+
Here is the working [http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents Testing Guide]<br>
 +
Here is the [http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Review_Panel Review Panel]
  
==Feedback and Participation==
+
===Feedback and Participation===
 
   
 
   
 
We hope you find the information in the OWASP Testing project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP Testing mailing list. Thanks!
 
We hope you find the information in the OWASP Testing project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP Testing mailing list. Thanks!
Line 36: Line 43:
 
To join the OWASP Testing mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-testing subscription page].  
 
To join the OWASP Testing mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-testing subscription page].  
  
 +
If you want to contribute, please view the Index and post a message on ml. Tell us what par. you want to write, then read the rule to write.
 +
 +
=== Template ===
 +
 +
Here is the template for writing a new paragraph in Chapter 4: <br>
 +
[[Template Paragraph Testing AoC|Template Paragraph Testing]] (Updated 19th October)
 +
 +
=== Rule to write a paragraph ===
 +
 +
[[Rule To Write AoC| Rule to write a paragraph]]
  
 
'''Deliverables'''
 
'''Deliverables'''
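Review bot: the added sentence "If you want to contribute, please view the Index and post a message on ml. Tell us what par. you want to write, then read the rule to write." relies on the abbreviations "ml" and "par." and names "the Index" without linking it. Suggest spelling out "mailing list" and "paragraph" and linking the Index, the way the Template and Rule sections added in this hunk link their targets.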
Line 41: Line 58:
 
A revised and updated Testing Guide which shall be more extensive than ever before.
 
A revised and updated Testing Guide which shall be more extensive than ever before.
  
== Risks and Rewards ==  
+
=== Risks and Rewards ===
  
 
The size of this task can not be underestimated. It is a large time-consuming task.
 
The size of this task can not be underestimated. It is a large time-consuming task.
Line 53: Line 70:
 
A extensive and nearly exhaustive guide on web application security testing.
 
A extensive and nearly exhaustive guide on web application security testing.
  
== Template ==
+
 
+
Here is the template for writing a new paragraph in Chapter 4: <br>
+
[[Template Paragraph Testing AoC|Template Paragraph Testing]] (draft: deadline 15th october)
+
  
  
  
 
[[Category:OWASP Testing Project AoC]]
 
[[Category:OWASP Testing Project AoC]]
 +
[[Category: OWASP Project|Autumn of Code 2006 - Projects: Testing Guide]]

Latest revision as of 13:26, 9 March 2010

The new OWASP Testing Guide

January 2007: The OWASP Testing Guide v2 is completed!

Project History

AoC Candidate: Matteo Meucci

Project Coordinator: Eoin Keary
Project Progress: 99.9% Complete - Progress Page

Background and Motivation

History Behind Project

The Testing guide originated in 2003 with Dan Cuthbert as one of the original editors. It was handed over to Eoin Keary in 2005 and transformed into a wiki. Being a wiki, it is easier for people to contribute to, which should make updating much easier. Matteo Meucci has decided to take on the Testing guide (which is not a trivial feat) and update it.

Problem to be Addressed

Many additional sections should be updated and reviewed. Additional areas of discovery should also be addressed. The guide currently covers a lot but could (and should) cover much more.

Benefit to OWASP Members and Community

A reference for the testing community that is updated by the community. It should provide many of the answers one would look for when testing the security of a web application.

Goals and Deliverables

The guide is to be updated with a defined list of topics, and the current guide is to be reviewed. The list of additional topics has been agreed with the AoC.

Plan of Approach

A review of the existing material is required first. Any material that requires an update shall then be rectified. A defined list of additional topics shall then be added. They must also be reviewed for quality.

  • Please refer to the progress page for updated information about the project

Here is the working Testing Guide
Here is the Review Panel

Feedback and Participation

We hope you find the information in the OWASP Testing project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP Testing mailing list. Thanks!

To join the OWASP Testing mailing list or view the archives, please visit the subscription page.

If you want to contribute, please view the Index and post a message on the mailing list. Tell us which paragraph you want to write, then read the rule to write a paragraph.

Template

Here is the template for writing a new paragraph in Chapter 4:
Template Paragraph Testing (Updated 19th October)

Rule to write a paragraph

Rule to write a paragraph

Deliverables

A revised and updated Testing Guide which shall be more extensive than ever before.

Risks and Rewards

The size of this task should not be underestimated. It is a large, time-consuming task.

Main Risks

Non-completion due to size. Overlap of the guide with other parts of the site.

Rewards of Successful Project

An extensive and nearly exhaustive guide on web application security testing.