[Owasp-leaders] Web Application Security Testing Cheat Sheet (work in progress; )

psiinon psiinon at gmail.com
Wed Jul 25 17:10:20 UTC 2012


Hi Rory,

My plan was no detail at all actually, other than maybe linking to the
relevant section of the Testing Guide.
So the first few sections are actually as they will appear, unless we add
more bullet points.
When printed out it will look something like:

Information Gathering
[ ] Manually explore the site
[ ] Spider/crawl for missed or hidden content

etc.
It really will be just a checklist, and will hopefully be printable on max
2 sides of A4.

But we could actually include a sentence or 2 in the XML and then have
various options for exporting/printing it out.
I just don't want to compete with the Testing Guide - that should be the
definitive tome :)

Cheers,

Simon


On Wed, Jul 25, 2012 at 6:02 PM, Rory McCune <rorym at nmrconsult.net> wrote:

> Hi,
>
> Cool idea. How much detail were you thinking should be put in each
> section, purely leaving it as a bullet-point list or adding a bit of
> extra information (couple of sentences) to flesh out each section?
>
> Cheers
>
> Rory
>
> On Wed, Jul 25, 2012 at 5:56 PM, psiinon <psiinon at gmail.com> wrote:
> > Hi folks,
> >
> > I've just started a Web Application Security Testing Cheat Sheet.
> >
> > To quote from that page:
> >
> > Introduction
> >
> > This cheat sheet provides a checklist of tasks to be performed when
> > performing a blackbox security test of a web application.
> >
> > Purpose
> >
> > This checklist is intended to be used as an aide memoire for experienced
> > pentesters and should be used in conjunction with the OWASP Testing Guide.
> > It will be updated as the Testing Guide v4 is progressed.
> >
> > The intention is that this guide will be available as an XML document, with
> > scripts that convert it into formats such as pdf, Media Wiki markup, HTML
> > etc.
> >
> > This will allow it to be consumed within security tools as well as being
> > available in a format suitable for printing.
> >
> > It is currently at a very early stage, but any feedback or offers of help
> > will be appreciated.
> >
> >
> > Let me know if you have any feedback, and feel free to add more content to
> > the wiki!
> >
> > Cheers,
> >
> > Simon
> >
> > --
> > OWASP ZAP: Toolsmith Tool of the Year 2011



-- 
OWASP ZAP: Toolsmith Tool of the Year 2011 <http://holisticinfosec.blogspot.com/2012/02/2011-toolsmith-tool-of-year-owasp-zap.html>