OWASP / wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
https://owasp.org/www-project-web-security-testing-guide/
Creative Commons Attribution Share Alike 4.0 International

Map OWASP SKF labs to WSTG examples #262

Open RiieCco opened 4 years ago

RiieCco commented 4 years ago

What would you like added?

OWASP SKF has a lot of different labs with write-ups on "how to test". We can reference these labs in parts of the testing guide.

The lab write-up can be found here: https://owasp-skf.gitbook.io/asvs-write-ups/

i.e. the following lab: https://owasp-skf.gitbook.io/asvs-write-ups/kbid-46-sqli-union-select

could be referenced somewhere here in the testing guide: https://github.com/OWASP/wstg/blob/master/document/4_Web_Application_Security_Testing/4.8_Input_Validation_Testing/4.8.5_Testing_for_SQL_Injection_OTG-INPVAL-005.md

Would you like to be assigned to this issue? Check the box if you will submit a PR to add the proposed content. Please read CONTRIBUTING.md.

github-actions[bot] commented 4 years ago

Please comment if you are still working on this issue, as it has been inactive for 30 days. To give everyone a chance to contribute, we are releasing it to new contributors.

Hsiang-Chih commented 4 years ago

@kingthorin I will help to update the SKF labs & testing tools into the target - https://github.com/OWASP/wstg/blob/master/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md

[v] Assign me, please!

kingthorin commented 4 years ago

That was just one example; the ticket is open to attach them everywhere they are applicable.

We also need to decide how/where it should be done.

ThunderSon commented 4 years ago

SKF mapping will not happen as such. SKF guides will be merged into WSTG, and referenced from SKF. SKF is a KB. @RiieCco Would you like @Hsiang-Chih to give a hand? :)

github-actions[bot] commented 3 years ago

Please comment if you are still working on this issue, as it has been inactive for 30 days. To give everyone a chance to contribute, we are releasing it to new contributors.

github-actions[bot] commented 2 years ago

Please comment if you are still working on this issue, as it has been inactive for 90 days. To give everyone a chance to contribute, we are releasing it to new contributors.