Home page logo

webappsec logo WebApp Sec mailing list archives

The new OWASP Testing Guide v3: published!
From: "Matteo Meucci" <matteo.meucci () gmail com>
Date: Tue, 16 Dec 2008 22:15:13 +0100


OWASP is announcing the new OWASP Testing Guide v3. The project as
part of the OWASP Summer of Code, started on April 2008 reviewing the
version 2, improving it.
OWASP Testing Guide v3 is a 349 page book; we have split the set of
active tests in 9 sub-categories for a total of 66 controls to test
during the Web Application Testing activity.
Each control has an OWASP name, so for example a SQL Injection is
called: OWASP-DV-005, meaning that it is the 5th control of the Data
Validation category.
We got a dream team of 21 authors and 4 reviewers: after 6 months of
hard work and great team work we realized the v3.

We'd like to ask you to support OWASP to reach the following goals:

*** Continuously improve the guide.
The Guide is a "live" document: we always need your feedback!
Please join our testing mailing list and share your ideas:

*** Promote the Testing Guide.
We would like to have some more media coverage on the guide, so
please, if you know somebody in there put them in touch.
If you have the chance, you can write an article about the Testing
Guide and the new OWASP Projects.
Also you can pick up the OWASP Testing Guide presentations and talk
about it in local conferences and Chapter meetings.

*** Add 'quotes' to the Guide.
We made a special 'quotes' pages for the Testing Guide.
Here we'd want to add all the comments and references to the Guide.

The OWASP Testing Guide includes a "best practice" penetration testing
framework which users can implement in their own organizations and a
"low level" penetration testing guide that describes techniques for
testing most common web application and web service security issues.

Download the Guide Now:
- http://www.owasp.org/index.php/OWASP_Testing_Project
- http://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf

View the Presentation at the OWASP Summit 08:
- http://www.owasp.org/images/2/2c/OWASP_EU_Summit_2008_OWASP_Testing_Guide_v3.ppt

Join the Project Mailing List:
- http://lists.owasp.org/mailman/listinfo/owasp-testing

Matteo Meucci

Matteo Meucci
OWASP Testing Guide lead

Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today! 


  By Date           By Thread  

Current thread:
  • The new OWASP Testing Guide v3: published! Matteo Meucci (Dec 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]