Merge REST Assessment CS into WSTG #351

Open
ThunderSon opened this issue Mar 6, 2020 · 9 comments
Labels
good first issue new New content to write revise Needs quality review, updates, or revision
Comments

ThunderSon commented Mar 6, 2020

What would you like added?
Following the issue from the CheatSheets project, Issue 367 discusses the move of the REST Assessment CS to the WSTG.

What do you think? If yes, this can be modified to fit with the REST testing scenario.

@ThunderSon ThunderSon added the new New content to write label Mar 6, 2020
@kingthorin kingthorin changed the title Merge Rest Assessment CS into WSTG Merge REST Assessment CS into WSTG Apr 28, 2020
@kingthorin kingthorin added this to the v4.2: Test Additions milestone Apr 28, 2020
@Hsiang-Chih
Contributor

@kingthorin
I can help, but I am wondering where/in which section we should add the information? Any advice?

Reference
REST_Security_Cheat_Sheet

REST_Assessment cs

@ThunderSon
Collaborator Author

@Hsiang-Chih This will be part of #492
Let's discuss this there and see how things can be structured.
We can create a section for API testing that will contain them; we'll have to review the identifiers and how this can be smooth in terms of usage.
If you're willing to lead on the REST effort, I don't mind having it in parallel.

@kingthorin kingthorin added the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Oct 1, 2020
@kingthorin kingthorin removed the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Nov 2, 2020
@github-actions

Please comment if you are still working on this issue, as it has been inactive for 30 days. To give everyone a chance to contribute, we are releasing it to new contributors.

@github-actions

Please comment if you are still working on this issue, as it has been inactive for 30 days. To give everyone a chance to contribute, we are releasing it to new contributors.

@kingthorin kingthorin added the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Oct 1, 2021
za added a commit to za/wstg that referenced this issue Oct 13, 2021
@za za mentioned this issue Oct 13, 2021
@za
Contributor

za commented Oct 13, 2021

Merged the REST cheat sheet into the WSTG, @ThunderSon @kingthorin, in PR #800. Now we may start discussing how we're going to structure the testing REST application section.

@kingthorin kingthorin removed the HacktoberFest Issues which are good candidates for HacktoberFest: https://hacktoberfest.digitalocean label Nov 4, 2021
@ThunderSon
Collaborator Author

@za apologies for not interacting on this ticket yet.
Thanks for bringing in the content from the CSS project. Can you tell me what your idea would look like for the testing section for REST APIs?
We usually discuss things in issues as we move it into a PR.

@za
Contributor

za commented Nov 8, 2021

@ThunderSon I thought CSS was Cascading Style Sheets 😅 I've no significant idea at the moment to improve on what's already written here in the CSS: https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/REST_Assessment_Cheat_Sheet.md

Before we proceed, I'd like to know what the difference is between the OWASP WSTG and the CSS. Is the audience expected to be more hands-on (step-by-step approach) in the WSTG?

@ThunderSon
Collaborator Author

ThunderSon commented Nov 23, 2021

Hey @za , the difference between the two projects is the following:

  • OWASP CSS is focused on delivering content to builders in a "cheat" manner, because as we all know, security can sometimes be daunting and overwhelming.
  • OWASP WSTG focuses on providing the reader with knowledge similar to a book, scenario by scenario, and where possible linked together (it's a book after all). This is for attackers, and not builders. Builders can definitely use it to test and make sure things are well protected (that makes them attackers too at that bit).

Back when the REST CS (cheat sheet) was written, there was no clear focus on who's consuming it. By now, it's old, so definitely requires an update. The methodology is still similar, no debating that.

What should be done is the transformation of the look of that CS into the shape of our template guide (@kingthorin shared it on the PR, and it's in our root directory).
Our template depicts an attacker's flow, and should help guide you on what we're expecting.

Let me know how I can help further :)

kingthorin pushed a commit to za/wstg that referenced this issue Apr 9, 2022
kingthorin pushed a commit that referenced this issue Apr 9, 2022
@kingthorin
Collaborator

https://github.com/OWASP/wstg/blob/master/REST_CS_Migrate.md

@kingthorin kingthorin added the revise Needs quality review, updates, or revision label Apr 9, 2022