Difference between revisions of "Projects/OWASP Testing Project/Releases/Testing Guide V 4.0/Roadmap"

From OWASP
Line 4: Line 4:
 
** Update the OWASP vulnerability database. I mean we can update this:<br>
 
** Update the OWASP vulnerability database. I mean we can update this:<br>
 
** http://www.owasp.org/index.php/Testing_Checklist<br>
 
** http://www.owasp.org/index.php/Testing_Checklist<br>
** Inserting new testing techniques: HTTP Verb tampering, HTTP Parameter Pollutions, URL Redirection, Insecure Direct Object References, Insecure Cryptographic Storage, Failure to Restrict URL Access, Insufficient Transport Layer Protection, Unvalidated Redirects and Forwards.
+
** Inserting new testing techniques, OWASP Top10 update: HTTP Verb tampering, HTTP Parameter Pollutions, URL Redirection, Insecure Direct Object References, Insecure Cryptographic Storage, Failure to Restrict URL Access, Insufficient Transport Layer Protection, Unvalidated Redirects and Forwards.
 
** Create a test case for each test to perform using O2 platform
 
** Create a test case for each test to perform using O2 platform
 
** Review and improve all the sections in v3,  
 
** Review and improve all the sections in v3,  
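Review bot: the added label "OWASP Top10 update:" on the techniques item does not say which of the entries after it come from the Top 10 update, so the whole list now reads as one undifferentiated group. Splitting it into two items, one for new testing techniques and one for the Top 10 update, would make the scope of each clear. In the same line, "HTTP Parameter Pollutions" should be singular, and "URL Redirection" appears to overlap with "Unvalidated Redirects and Forwards", so one of the two could be dropped or the difference stated.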
Line 10: Line 10:
 
** Create a new section: Client side security and Firefox extensions testing.  
 
** Create a new section: Client side security and Firefox extensions testing.  
  
Project Plan:<br>
+
Project Plan:
**17th July 2010: Start a brainstorming for the new index starting from "Release Description",
+
** 17th July 2010: Start a brainstorming for the new index starting from "Release Description",
**5th August 2010: Create the new index and the new team,
+
** 5th August 2010: Create the new index and the new team,
**6th August 2010: Starting writing articles,
+
** 6th August 2010: Starting writing articles,
**15th September 2010: Starting the first review phase,
+
** 15th September 2010: Starting the first review phase,
**15th October 2010: Starting writing articles II phase,
+
** 15th October 2010: Starting writing articles II phase,
**15th November 2010: Starting the second review phase,
+
** 15th November 2010: Starting the second review phase,
**15th December 2010: Create the RC1,
+
** 15th December 2010: Create the RC1,
**15th January 2011: Release the version 4.
+
** 15th January 2011: Release the version 4.
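Review bot: the rewritten "Project Plan:" line is still plain text sitting between runs of "**" items, so the dated milestones that follow have no first-level item to nest under. Making it "* Project Plan:" would give them a parent and keep the list structure intact now that the <br> is gone. The milestone wording is also inconsistent: some items are imperative ("Create the new index", "Release the version 4") while others read "Starting writing articles"; "Start writing articles" and "Start the first review phase" would match the rest.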

Revision as of 17:54, 16 July 2010

  • Project Roadmap
    • Introduce the new project to the testing Guide mailing list,
    • Involve the contributors: we also need to involve the final users of the Testing Guide (for example, banking companies, to understand how they would like to improve it).
    • Update the OWASP vulnerability database. I mean we can update this:
    • http://www.owasp.org/index.php/Testing_Checklist
    • Inserting new testing techniques, OWASP Top10 update: HTTP Verb Tampering, HTTP Parameter Pollution, URL Redirection, Insecure Direct Object References, Insecure Cryptographic Storage, Failure to Restrict URL Access, Insufficient Transport Layer Protection, Unvalidated Redirects and Forwards.
    • Create a test case for each test to perform using O2 platform
    • Review and improve all the sections in v3,
    • Create a more readable guide, eliminating some sections that are not really useful, and rationalize some sections, such as Session Management Testing,
    • Create a new section: Client side security and Firefox extensions testing.

Project Plan:

    • 17th July 2010: Start brainstorming the new index, starting from "Release Description",
    • 5th August 2010: Create the new index and the new team,
    • 6th August 2010: Start writing articles,
    • 15th September 2010: Start the first review phase,
    • 15th October 2010: Start writing articles, phase II,
    • 15th November 2010: Start the second review phase,
    • 15th December 2010: Create the RC1,
    • 15th January 2011: Release version 4.