[Owasp-board] RFC: The new OWASP Testing Guide v2 has been released!

Matteo Meucci matteo.meucci at gmail.com
Tue Feb 20 14:30:42 UTC 2007

As Dinis suggests to me, I'd like to send the following mail to owasp-world.
What do you think about that? Any comments?



Welcome to the new OWASP Testing Guide!

A completely new project focused on describing the OWASP methodology for
Web Application Penetration Testing.
This project's goal is to create a "best practice" penetration testing
framework which users can implement in their own organizations and a
"low level" penetration testing guide that describes how to find certain issues.

I would like to take a moment to thank you all for the great effort in
creating the new OWASP Testing Guide v2.

The new version is built on top of the previous version of the guide
v1.0 and "OWASP Web Application Penetration Checklist", Version 1.1
dated 2004.
The project, as part of the OWASP Autumn of Code, started on October
1st 2006 reviewing all the old documentation.
The first month we made a call to action to collect all the best
security experts on application security asking them to collaborate in
writing the Guide.
We set up a 'dream team' of 39 authors and 20 reviewers: after 3
months of hard work and great team work we realized the v2 Release
Candidate 1 (RC1) by the 10th of January 2007. From that date to the
10th of February we received numerous great comments: more than 20
articles have been reviewed.

On the 10th of February we published the official version 2: a
272-page high-quality document, with 46 controls divided into 8
categories. You can download it in pdf or doc format at:

We'd like to ask you to support OWASP to help us reach the following goals:

*** Continuously improve the guide.
The Guide is a "live" document: we always need your feedback! Please
join our testing mailing list and share your ideas with us:
The next step is to begin working on the new version: one issue that
will be improved is the client side testing.

*** Promote the Testing Guide.
We would like to have some more media coverage on the guide, so
please, if you know somebody in there, put them in touch. If you have
the chance, you can write an article about the Testing Guide and the
new OWASP Projects.
Also you can pick up the OWASP Testing Guide presentations and talk
about it in local conferences and Chapter meetings.

*** Translate the Guide into your local language
If you'd like to translate the Testing Guide into your local language,
please contact us.

*** Add 'quotes' to the Guide.
We made a special 'quotes' page for the Testing Guide. In this
section we'd like to add all the comments and references to the Guide:


Matteo Meucci
OWASP Testing Guide lead
