[Owasp-board] Request for Comment: The new OWASP Testing Guide v2 has been released!

Matteo Meucci matteo.meucci at gmail.com
Wed Feb 14 22:47:37 UTC 2007

As Dinis suggests to me, I'd like to send the following mail to owasp-world.
What do you think about that? Any comments?


Welcome to the new OWASP Testing Guide!
A completely new project focused on describing the OWASP methodology for
Web Application Penetration Testing.
This project's goal is to create a "best practices" penetration testing
framework which users can implement in their own organizations and a
"low level" penetration testing guide that describes how to find
certain issues.

I would like to take a moment to thank you all for the great effort in
producing the new OWASP Testing Guide v2.

The new version is built on top of the previous version of the guide
v1.0 and "OWASP Web Application Penetration Checklist", Version 1.1
dated 2004.
The project, as part of the OWASP Autumn of Code, started on first
October 2006, reviewing all the old documentation.
The first month we made a call to action to collect all the best
security experts on application security asking them to collaborate in
writing the Guide.
We got a dream team of 39 authors and 20 reviewers: after 3 months of
hard work and great team work we realized the v2 Release Candidate 1
(RC1) by 10th January 2007.
From 10th January to 10th February we have received a lot of great
comments: more than 20 articles have been reviewed.

Last 10th February we published the official version 2: a 272-page,
high-quality document, with 46 controls divided into 8

We'd like to ask you to support OWASP to reach the following goals:

*** Continuously improve the guide.
The Guide is a "live" document: we always need your feedback! Please
join our testing mailing list and share your ideas:
The next step is to begin to work on the new version: one issue that will
be improved is the client side testing.

*** Promote the Testing Guide.
We would like to have some more media coverage on the guide, so
please, if you know somebody in there put them in touch.
If you have the chance, you can write an article about the Testing
Guide and the new OWASP Projects.
Also you can pick up the OWASP Testing Guide presentations and talk
about it in local conferences and Chapter meetings.

*** Add 'quotes' to the Guide.
We made a special 'quotes' page for the Testing Guide.
Here we'd want to add all the comments and references to the Guide.


Matteo Meucci
OWASP Testing Guide lead
