[Owasp-board] RFC: The new OWASP Testing Guide v2 has been released!

Dinis Cruz dinis at ddplus.net
Tue Feb 20 16:47:45 UTC 2007

Thx Jeff Your changes were in line with my original comments to Matteo: Give
it an 'elevator pitch' into, and then put in the rest of the comments

So I think it is now good for release, Matteo sent it as an email to
owasp-all at lists.owasp.org and Jeff will approve it


On 2/20/07, Jeff Williams <jeff.williams at owasp.org> wrote:
> Hi Matteo,
> The formatting came through a little screwy, but I like the message.  I
> edited it a bit below.  Thanks!
> --Jeff
> -----Original Message-----
> ****************************************************************************
> *******************
> The OWASP Testing Guide includes a "best practice" penetration testing
> framework which users can implement in their own organizations and a "low
> level" penetration testing guide that describes techniques for testing
> most
> common web application and web service security issues.
> Download the Guide Now:
> - http://www.owasp.org/index.php/OWASP_Testing_Project (PDF and DOC)
> View the Project Overview Slides:
> -
> http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_Presentation.zip
> Join the Project Mailing List:
> - http://lists.owasp.org/mailman/listinfo/owasp-testing
> I would like to thank you all for the great effort in creating the new
> Testing Guide v2. The new version is a complete rewrite that subsumes the
> previous version and includes the "OWASP Web Application Penetration
> Checklist", Version 1.1 dated 2004.
> The project, as part of the OWASP Autumn of Code, started on October 1st
> 2006 reviewing all the old documentation. The first month we made a call
> to
> action to collect all the best security experts on application security
> asking them to collaborate in writing the Testing Guide.
> We set up a 'dream team' of 39 authors and 20 reviewers: after 3 months of
> hard work and great team work we realized the v2 Release Candidate 1 (RC1)
> by the 10th of January 2007. From that date to the 10th of February we
> received numerous great comments: more than 20 articles have been
> reviewed.
> On the 10th of February we published the official version 2: a 272 pages
> high quality document, with 46 controls divided into 8 categories.
> We need help to...
> *** Continuously Improve the Guide.
> The Guide is a "live" document: we always need your feedback! Please join
> our testing mailing list and share your ideas with us. The next step is to
> begin working on the new version: one issue that will be improved is the
> client side testing.
> *** Promote the Testing Guide
> We would like to have some more media coverage on the guide, so please, if
> you know somebody in there put them in touch. If you have the chance, you
> can write an article about the Testing Guide and the new OWASP Projects.
> Also you can pick up the OWASP Testing Guide presentations and talk about
> it
> in local conferences and Chapter meetings.
> *** Translate the Guide into your Local Language
> If you'd like to translate the Testing Guide in your local language,
> please
> contact us.
> *** Add 'Quotes' to the Guide.
> If you've used the guide and can share your experience, we'd love to hear
> from you. You can add your quote to the OWASP wiki here:
> http://www.owasp.org/index.php/Testing_Guide_Quotes
> Thanks,
> Mat
> --
> Matteo Meucci
> OWASP-Italy Chair, CISSP, CISA
> http://www.owasp.org/index.php/Italy
> OWASP Testing Guide lead
> http://www.owasp.org/index.php/Testing_Guide
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> http://lists.owasp.org/mailman/listinfo/owasp-board

Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070220/9bad606c/attachment-0002.html>

More information about the Owasp-board mailing list