[Owasp-board] RFC: The new OWASP Testing Guide v2 has been released!

Jeff Williams jeff.williams at owasp.org
Tue Feb 20 15:48:38 UTC 2007

Hi Matteo,

The formatting came through a little screwy, but I like the message.  I
edited it a bit below.  Thanks!


-----Original Message-----



The OWASP Testing Guide includes a "best practice" penetration testing
framework which users can implement in their own organizations and a "low
level" penetration testing guide that describes techniques for testing most
common web application and web service security issues.

Download the Guide Now:
- http://www.owasp.org/index.php/OWASP_Testing_Project (PDF and DOC)

View the Project Overview Slides:
- http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_Presentation.zip

Join the Project Mailing List:
- http://lists.owasp.org/mailman/listinfo/owasp-testing


I would like to thank you all for the great effort in creating the new OWASP
Testing Guide v2. The new version is a complete rewrite that subsumes the
previous version and includes the "OWASP Web Application Penetration
Checklist", Version 1.1 dated 2004.

The project, as part of the OWASP Autumn of Code, started on October 1st
2006 reviewing all the old documentation. The first month we made a call to
action to collect all the best security experts on application security
asking them to collaborate in writing the Testing Guide.

We set up a 'dream team' of 39 authors and 20 reviewers: after 3 months of
hard work and great team work we realized the v2 Release Candidate 1 (RC1)
by the 10th of January 2007. From that date to the 10th of February we
received numerous great comments: more than 20 articles have been reviewed.

On the 10th of February we published the official version 2: a 272-page,
high-quality document, with 46 controls divided into 8 categories.


We need help to...

*** Continuously Improve the Guide.
The Guide is a "live" document: we always need your feedback! Please join
our testing mailing list and share your ideas with us. The next step is to
begin working on the new version: one issue that will be improved is the
client side testing.

*** Promote the Testing Guide
We would like to have some more media coverage on the guide, so please, if
you know somebody in there, put them in touch. If you have the chance, you
can write an article about the Testing Guide and the new OWASP Projects.
Also you can pick up the OWASP Testing Guide presentations and talk about it
in local conferences and Chapter meetings.

*** Translate the Guide into your Local Language
If you'd like to translate the Testing Guide into your local language, please
contact us.

*** Add 'Quotes' to the Guide.
If you've used the guide and can share your experience, we'd love to hear
from you. You can add your quote to the OWASP wiki here:


Matteo Meucci
OWASP Testing Guide lead
