[Owasp-leaders] Web Application Security Testing Cheat Sheet (work in progress; )
matt.tesauro at owasp.org
Thu Jul 26 02:38:08 UTC 2012
Sweet idea, can't wait to see what you come up with.
I created a 1 sheet condensed version of the testing guide (v3)
sections/tests as well as a longer version with page references to look
them up in the testing guide. Both were created in OpenOffice/LibreOffice.
I'll happily share if you think it would be useful - I give them out as
part of my handouts when I teach web app testing trainings.
However, I'm not sure they'd do more than give you a bunch of stuff to
copy/paste, since they're formatted for print, but let me know if you're interested.
Also, I'd suggest keeping the testing guide numbering system in place (e.g.
DV-001 = Reflective Cross-Site Scripting) until the universal OWASP
numbering system gets worked out. I've found those to be a handy short
reference to a specific test. In a past job, they were my de facto
categories for when I did reporting, trending, etc.
-- Matt Tesauro
OWASP Board Member
OWASP WTE Project Lead
http://AppSecLive.org - Community and Download site
On Wed, Jul 25, 2012 at 12:10 PM, psiinon <psiinon at gmail.com> wrote:
> Hi Rory,
> My plan was no detail at all actually, other than maybe linking to the
> relevant section of the Testing Guide.
> So the first few sections are actually as they will appear, unless we add
> more bullet points.
> When printed out it will look something like:
> Information Gathering
> [ ] Manually explore the site
> [ ] Spider/crawl for missed or hidden content
> It really will be just a checklist, and will hopefully be printable on max
> 2 sides of A4.
> But we could actually include a sentence or 2 in the XML and then have
> various options for exporting/printing it out.
> I just don't want to compete with the Testing Guide - that should be the
> definitive tome :)
> On Wed, Jul 25, 2012 at 6:02 PM, Rory McCune <rorym at nmrconsult.net> wrote:
>> Cool idea. How much detail were you thinking should be put in each
>> section, purely leaving it as a bullet-point list or adding a bit of
>> extra information (couple of sentences) to flesh out each section?
>> On Wed, Jul 25, 2012 at 5:56 PM, psiinon <psiinon at gmail.com> wrote:
>> > Hi folks,
>> > I've just started a Web Application Security Testing Cheat Sheet.
>> > To quote from that page:
>> > Introduction
>> > This cheat sheet provides a checklist of tasks to be performed when
>> > performing a blackbox security test of a web application.
>> > Purpose
>> > This checklist is intended to be used as an aide memoire for experienced
>> > pentesters and should be used in conjunction with the OWASP Testing
>> > It will be updated as the Testing Guide v4 is progressed.
>> > The intention is that this guide will be available as an XML document,
>> > scripts that convert it into formats such as pdf, Media Wiki markup,
>> > etc.
>> > This will allow it to be consumed within security tools as well as being
>> > available in a format suitable for printing.
>> > It is currently at a very early stage, but any feedback or offers of
>> > will be appreciated.
>> > Let me know if you have any feedback, and feel free to add more content
>> > the wiki!
>> > Cheers,
>> > Simon
>> > --
>> > OWASP ZAP: Toolsmith Tool of the Year 2011
>> > _______________________________________________
>> > OWASP-Leaders mailing list
>> > OWASP-Leaders at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> OWASP ZAP: Toolsmith Tool of the Year 2011<http://holisticinfosec.blogspot.com/2012/02/2011-toolsmith-tool-of-year-owasp-zap.html>