[OWASP-TESTING] Final pentest checklist
Daniel at deeper.co.za
Mon Jul 5 07:51:03 EDT 2004
Caught in time :0)
I'm going to use the 2002 version as the Jan 2004 is still draft and I
feel uneasy using a draft version as a reference.
> Just a quick comment, I hope it's not too late.
> The NIST 800-30 document is at (version 2002)
> If you want the January 2004 draft, it's
> (This link will probably expire soon since the deadline for sending
> comments expired on March 20, 2004)
> And could you include the title of the NIST document in the footnote
> where you put the link?
> The title is "Risk Management Guide for Information Technology Systems"
> I caught an error in the User Authentication part.
> The item number 10 has errors, Ref. number should be, "OWASP-AUTHN-0010"
> and the objective should be "Ensure that passwords are not _blank_" not
> _black_ :o)
> In configuration management I think the objective for "OWASP-CM-003"
> should be changed to, "Ensure that all vendor patches for known
> vulnerabilities are applied."
> In the data protection part, OWASP-DP-004, add to objective, "vulnerable
> to the Man-In-The-Middle attack"
> Mads Rasmussen, M.Sc.
> Open Communications Security
> +55 11 3345 2525