OWASP / wstg

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
https://owasp.org/www-project-web-security-testing-guide/
Creative Commons Attribution Share Alike 4.0 International

Fuzzing Improvements #588

Closed ThunderSon closed 1 year ago

ThunderSon commented 4 years ago

Following #585 I was interested to see that the OWASP Community fuzzing link is really weak.

In addition, through the cleanup, the categories were removed in Appendix C. Should we look to improve Appendix C, or to make the community link much better and contain techniques and ways to fuzz?

ThunderSon commented 4 years ago

After reviewing both parts, I believe both should be reviewed and stay independent from each other as fuzzing as a topic is much wider than what WSTG is concerned with.

For the WSTG, the appendix needs to:

We can have sections for the wordlists at a later stage; I don't see it as a crucial point for now.

github-actions[bot] commented 3 years ago

Please comment if you are still working on this issue, as it has been inactive for 30 days. To give everyone a chance to contribute, we are releasing it to new contributors.

kingthorin commented 3 years ago

Should probably include ffuf

https://twitter.com/Bugcrowd/status/1468604534717132800

kingthorin commented 3 years ago

Another potential ref/source: https://github.com/antonio-morales/Fuzzing101

ThunderSon commented 3 years ago

I'll tackle this to remove it off of our backlog

kingthorin commented 2 years ago

Poke :wink:

maheshbasnet089 commented 2 years ago

Can I work on this issue?

kingthorin commented 2 years ago

Sure, just make sure you use https://github.com/OWASP/wstg/issues/588#issuecomment-714486547 as a guideline.

maheshbasnet089 commented 2 years ago

https://github.com/OWASP/wstg/pull/979/files

Here is my PR, kingthorin. Anything to be updated?

maheshbasnet089 commented 1 year ago

How long does it take to be published here too, sir? https://owasp.org/www-project-web-security-testing-guide/latest/6-Appendix/C-Fuzz_Vectors

On Tue, 2 May 2023, 9:35 pm Rick M, @.***> wrote:

Closed #588 https://github.com/OWASP/wstg/issues/588 as completed via #979 https://github.com/OWASP/wstg/pull/979.

kingthorin commented 1 year ago

It won't. It should have been added to the existing content, not added as a new page 🤦‍♂️

I'll get it fixed sometime in the next few weeks.

maheshbasnet089 commented 1 year ago

Ok, thanks.

On Wed, 3 May 2023, 12:09 am Rick M, @.***> wrote:

It won't. It should have been added to the existing content, not added as a new page 🤦‍♂️

I'll get it fixed sometime in the next few weeks.

kingthorin commented 1 year ago

It's now live.