[OWASP-TESTING] Final pentest checklist
mads at opencs.com.br
Mon Jul 5 08:40:42 EDT 2004
Just a quick comment, I hope it's not too late.

The NIST 800-30 document is at (version 2002)
If you want the January 2004 draft, it's
(This link will probably expire soon since the deadline for sending
comments expired on March 20, 2004)

And could you include the title of the NIST document in the footnote
where you put the link?
The title is "Risk Management Guide for Information Technology Systems"

I caught an error in the User Authentication part.
Item number 10 has errors: the Ref. number should be "OWASP-AUTHN-0010"
and the objective should be "Ensure that passwords are not _blank_" not

In configuration management I think the objective for "OWASP-CM-003"
should be changed to, "Ensure that all vendor patches for known
vulnerabilities are applied."

In the data protection part, OWASP-DP-004, add to objective, "vulnerable
to the Man-In-The-Middle attack"

Mads Rasmussen, M.Sc.
Open Communications Security
+55 11 3345 2525