OWASP Autumn of Code 2006 - Projects: Testing Guide - Progress
Week 01 - Oct 08
- Checked out all the documentation
- Built the index and recorded the state of completeness of each paragraph
- Reviewed the index of the OWASP Testing Guide
- Worked on updating the project page
Week 02 - Oct 15
- Call for participation on the webappsec mailing list
- Brainstorming about the new Index on the OWASP-Testing mailing list
- Contacted the best in the WebAppSec field to get feedback about the project
- 16 people are interested in working on the project
- Created the new [OWASP Testing Guide v2 Table of Contents]
- Created a new Introduction (Chapter 2):
1 The OWASP Testing Project
2 How To Go About Performing An Application Security Review
3 Principles of Testing
4 Testing Techniques Explained
4.1 Manual Inspections & Reviews
4.2 Threat Modeling
4.3 Source Code Review
4.4 Penetration Testing
4.5 The Need for a Balanced Approach
- Moved the OWASP Testing Framework chapter to Chapter 3, before the chapter in which we describe the testing phase in detail.
- Renamed Chapter 4 from "Manual Testing Techniques" to "Web Application Penetration Testing"
- Rationalized Chapter 4 and split the testing into:
4.1 Introduction and objectives
4.2 Information Gathering
4.3 Business logic testing
4.4 Authentication Testing
4.5 Session Management Testing
4.6 Data Validation Testing
4.7 Denial of Service Testing
4.8 Infrastructure and configuration Testing
4.9 Web Services Testing
4.10 AJAX Testing
- Reviewed the content of Information Gathering, Data Validation, Infrastructure and Configuration.
- Created a template for each new paragraph in Chapter 4.
- Created a rule for writing
- Next: 15th Oct: End of brainstorming Index. We have a final Index
Week 03 - Oct 22
- Assigned a paragraph for each contributor: we have set up a high quality team.
- Edited the Template for Chapter 4: now we have a new paragraph titled "Brief Summary" in which we describe in "natural language" what we want to test.
- Began writing the first draft: deadline 5th November
Week 04 - Oct 29
- Now every contributor is writing his own article.
- There are already some small teams working together on the same article.
- A few contributors have added the articles on our Portal. If you have any problem to write the article on the Wiki portal please
- Contacted each author to check on progress.
Week 05 - Nov 05
- Writing articles...
Week 06 - Nov 12
- Collected all the articles
Week 07 - Nov 19
We are currently in the review stage, apart from some late submissions (4 sections). Generally the quality is good. Time must be taken to make sure the English used is of a good standard. The quality of the chapters is also good, citing many examples and references.
We have added one more article: 4.2.1 Testing Web Application Fingerprint.
Now we are writing 73 articles:
- 45 articles are completed (61.4%)
- 8 articles are at least 90% complete (11%)
- 17 articles need a last effort to be completed (23.4%)
- 2 articles need to be written from scratch (2.8%)
- 1 article needs a volunteer! (1.4%) - 220.127.116.11 Oracle testing (0%,TD)
Week 08 - Nov 26
1) Articles
We are writing 73 articles:
- 54 articles are completed (74%)
- 17 articles need a last effort to be completed (23.2%)
- 1 article needs to be written from scratch (1.4%)
- 1 article needs a volunteer! (1.4%) - 18.104.22.168 Oracle testing (0%,TD)
2) Review
At the moment chapters 4.5 and 4.9 need to be reviewed.
Week 09 - Dec 03
1) Articles
Thanks to our OWASP Chair, we now have a Foreword by Jeff Williams.
The Testing Guide comprises 74 articles:
- 60 articles are completed (81%)
- 14 articles need a last effort to be completed (19%)
2) Review
At the moment chapter 4.9 needs to be reviewed.
Week 10 - Dec 10
We have merged the Stored Procedure Injection section with the SQL Injection section. Now we have 73 articles:
- 66 articles are completed (90%)
- 7 articles need a last effort to be completed (10%)
Here is the complete list of articles to be completed.
- 4.2.3 Spidering and googling (60%, Tom Brennan, Tom Ryan). Carlo Pelliccioni is updating it.
- 4.5.5 HTTP Exploit (90%, Arian J.Evans, Alberto Revelli)
- 4.9 AJAX Testing (70%, Dan Cornell, Giorgio Fedon, Stefano Di Paola, Anush Shetty). Stefano Di Paola and Giorgio Fedon are writing it.
4.9.1 AJAX Vulnerabilities
4.9.2 How to test AJAX
- 5.1 How to value the real risk (90%, Daniel Cuthbert, Matteo Meucci, Sebastien Deleersnyder, Marco Morana)
- 5.2 How to write the report of the testing (90%, Daniel Cuthbert, Tom Brennan)
We have to review all the 7 articles.
PDF version to be completed between 25th and 30th December. Articles to be submitted by 16th December.
Week 11 - Dec 17
Finished all the articles except:
- Chapter 5: defining Risk
- AJAX Security
Week 12 - Dec 24
All articles finished. Written the new OWASP Testing Guide in doc format: 269 pages!
23rd December: The new OWASP Testing Guide has been delivered to the OWASP Foundation. Thank you all!