[Owasp-leaders] [Owasp-testing] Public release of the OWASP TESTING GUIDE v4

Jim Manico jim.manico at owasp.org
Sun Sep 28 15:47:15 UTC 2014


My suggestion is that we hire a professional to grammar-edit all of our
primary documents like the testing guide. Such services are very reasonable
in cost.

--
Jim Manico
@Manicode
(808) 652-3805

On Sep 28, 2014, at 8:43 AM, Eoin Keary <eoin.keary at owasp.org> wrote:

I've read it over the last few weeks. There are some typos still there.
Before going to print shall we perform one more peer review?


Eoin Keary
Owasp Global Board
+353 87 977 2988


On 28 Sep 2014, at 16:30, Ryan Dewhurst <ryandewhurst at gmail.com> wrote:

Any news on a paperback version? (from lulu.com?)

On Wed, Sep 24, 2014 at 8:20 PM, Matteo Meucci <matteo.meucci at owasp.org>
wrote:

> Hi all,
> thanks to the fantastic job of Hugo we just upload an updated version of
> the Guide.
>
> You can download it here:
> https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf
>
> And it is accessible from here:
> http://www.owasp.org/index.php/OWASP_Testing_Project
> https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
>
>
> Thanks!
> Mat
>
>
> On 17/09/2014 17:03, Andrew Muller wrote:
> > Folks,
> >   OWASP is proud to announce the public release of the OWASP Testing
> > Guide version 4.
> > As a rich and diverse security community we should be proud of the
> > achievement and we'd like to thank and congratulate everyone that
> > authored or reviewed the Guide.
> > You'll notice several changes between v3 and v4. Some sections have been
> > renamed, removed or reworked, but overall the OWASP Testing Guide
> > version 4 improves on
> > version 3 in three ways:
> >
> > *1.* This version of the Testing Guide integrates with the two other
> > flagship OWASP documentation products: the Developers Guide and the Code
> > Review Guide. To achieve this we aligned the testing categories and test
> > numbering with those in other OWASP products. The objective of the
> > Testing and Code Review Guides is to evaluate the security controls
> > described by the Developers Guide.
> >
> > *2.* All chapters have been improved and test cases expanded to 87 (64
> > test cases in v3) including the introduction of four new chapters and
> > controls:
> > - Identity Management Testing
> > - Error Handling
> > - Cryptography
> > - Client Side Testing
> >
> > *3.* This version of the Testing Guide encourages the community not to
> > simply accept the test cases outlined in this guide. We encourage
> > security testers to integrate with other software testers and devise
> > test cases specific to the target application. As we find test cases
> > that have wider applicability we encourage the security testing
> > community to share them and contribute them to the Testing Guide. This
> > will continue to build the application security body of knowledge and
> > allow the development of the Testing Guide to be an iterative rather
> > than monolithic process.
> >
> >
> > As we continue to improve our tools and documentation, we'd like to ask
> > you to support OWASP to reach the following goals:
> >
> >   *Continuously improve the guide*.
> > The Guide is a "live" document: we always need your feedback! Tell us
> > what you love. Tell us what you love less.
> > Please join our testing mailing list and share your ideas:
> > http://lists.owasp.org/mailman/listinfo/owasp-testing
> > <http://lists.owasp.org/mailman/listinfo/owasp-testing>
> >
> >   *Promote the Testing Guide*.
> > We would like to have some more media coverage on the Guide, so please,
> > if you know somebody that can help please put them in touch with us.
> > If you have the chance, you can write an article about the Testing Guide
> > and other new OWASP Projects.
> >
> >   *Add 'quotes' to the Guide*.
> > We made a special 'quotes' pages for the Testing Guide.
> > Here we'd link you to add comments and references to the Guide.
> > http://www.owasp.org/index.php/OWASP_Testing_Guide_Quotes
> > <http://www.owasp.org/index.php/OWASP_Testing_Guide_Quotes>
> >
> > The OWASP Testing Guide includes a "best practice" penetration testing
> > framework which users can implement in their own organizations and a
> > "low level" penetration testing guide that describes techniques for
> > testing most common web application and web service security issues.
> >
> > Download or browse the Guide now from:
> >
> > - https://www.owasp.org/images/1/19/OTGv4.pdf
> >
> > -
> > https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
> > <
> https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents>
> >
> >
> > regards,
> > ____________________
> > *Andrew Muller*
> > Canberra OWASP Chapter Leader
> > OWASP Testing Guide Co-Leader
>
> -
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>

_______________________________________________
Owasp-testing mailing list
Owasp-testing at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-testing

_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20140928/89798048/attachment-0001.html>


More information about the OWASP-Leaders mailing list