[Owasp-leaders] Web Application Security Testing Cheat Sheet (work in progress; )

Rory McCune rorym at nmrconsult.net
Wed Jul 25 17:12:52 UTC 2012


Hi,

Yeah, makes sense, I'll put some stuff from the checklist I use up
there (I'm guessing that most of the testers on the list have
something similar that they use so it would be great to have a merged
version!)

Cheers

Rory

On Wed, Jul 25, 2012 at 6:10 PM, psiinon <psiinon at gmail.com> wrote:
> Hi Rory,
>
> My plan was no detail at all actually, other than maybe linking to the
> relevant section of the Testing Guide.
> So the first few sections are actually as they will appear, unless we add
> more bullet points.
> When printed out it will look something like:
>
> Information Gathering
>
> [ ] Manually explore the site
> [ ] Spider/crawl for missed or hidden content
>
> etc.
> It really will be just a checklist, and will hopefully be printable on max 2
> sides of A4.
>
> But we could actually include a sentence or 2 in the XML and then have
> various options for exporting/printing it out.
> I just don't want to compete with the Testing Guide - that should be the
> definitive tome :)
>
> Cheers,
>
> Simon
>
>
>
> On Wed, Jul 25, 2012 at 6:02 PM, Rory McCune <rorym at nmrconsult.net> wrote:
>>
>> Hi,
>>
>> Cool idea. How much detail were you thinking should be put in each
>> section, purely leaving it as a bullet-point list or adding a bit of
>> extra information (couple of sentences) to flesh out each section?
>>
>> Cheers
>>
>> Rory
>>
>> On Wed, Jul 25, 2012 at 5:56 PM, psiinon <psiinon at gmail.com> wrote:
>> > Hi folks,
>> >
>> > I've just started a Web Application Security Testing Cheat Sheet.
>> >
>> > To quote from that page:
>> >
>> > Introduction
>> >
>> > This cheat sheet provides a checklist of tasks to be performed when
>> > performing a blackbox security test of a web application.
>> >
>> > Purpose
>> >
>> > This checklist is intended to be used as an aide memoire for experienced
>> > pentesters and should be used in conjunction with the OWASP Testing Guide.
>> > It will be updated as the Testing Guide v4 is progressed.
>> >
>> > The intention is that this guide will be available as an XML document, with
>> > scripts that convert it into formats such as pdf, Media Wiki markup, HTML
>> > etc.
>> >
>> > This will allow it to be consumed within security tools as well as being
>> > available in a format suitable for printing.
>> >
>> > It is currently at a very early stage, but any feedback or offers of help
>> > will be appreciated.
>> >
>> >
>> > Let me know if you have any feedback, and feel free to add more content to
>> > the wiki!
>> >
>> > Cheers,
>> >
>> > Simon
>> >
>> > --
>> > OWASP ZAP: Toolsmith Tool of the Year 2011
>> >
>> >
>> >
>
>
>
>
> --
> OWASP ZAP: Toolsmith Tool of the Year 2011
>

