[OWASP-TESTING] Updated Pen Test Check List

Mark Curphey mark.curphey at foundstone.com
Thu Apr 8 16:18:12 EDT 2004

OK, sorry for the delay in this. I thought I would get to it last night
but it took a little longer than I thought and some other things got in
the way. 

I have tried to make everything as an "issue" that should be checked for
and not a consequence or a technique. I have aligned this with OASIS WAS
Vuln Types although there are a few issues I would like to still add. I
have also removed the things that were techniques or consequences. 

Let me know what you think. I know we will need to add more issues etc
but I hope the formatting and style is now consistent. 

If you like it I suggest we use this as a template, and send updates via
email to the list. If you update the doc even with tracking turned on it
winds up with having to merge different versions and I end up being
secretary and I don't look food in a skirt. Drunken pictures of a
Montreal bachelor party out there will validate that!

If we can make changes very quick I would be happy to release it this
weekend and the Testing Part One next weekend although that depends on
how much work you all think this still needs. 

Please take a look and think of issues that are not covered and send
them to the list. 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OWASP Web App Internet Pen Test Check List 1.0.doc
Type: application/msword
Size: 277504 bytes
Desc: OWASP Web App Internet Pen Test Check List 1.0.doc
Url : http://lists.owasp.org/pipermail/owasp-testing/attachments/20040408/2e6f10ed/attachment.doc 

More information about the Owasp-testing mailing list