[OWASP-TESTING] Web App Pen Testing Checklist

Mark Curphey mark at curphey.com
Tue Mar 9 18:31:08 EST 2004

I am working on the draft but I was approached by two big banks today who both asked me if OWASP would develop the same thing. 

They basically want a checklist of things that should be tested for in a web app pen test so that they can use it to request services and get consistency as well as compare internal tests. 

I think this is something we as a testing group can turn around really quickly and release without too much of a problem. What do you think? Anyone got a starting template?

An example would be

Session Management
Test Mechanism
Test Time Out Value
Test Entropy of Tokens
Test Tokens sent over SSL
Test .......
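The session-management items in the example list above (time-out value, token entropy, tokens sent over SSL) can be turned into repeatable checks. The following is an added example, not code from the original post or from OWASP: it takes a `Set-Cookie` value and a sample of session tokens (both constructed here; the function names, the 64-bit entropy floor and the 30-minute time-out ceiling are assumptions chosen for illustration) and reports which checklist items fail.

```python
import math
import secrets
from collections import Counter
from http.cookies import SimpleCookie

# Constructed token samples standing in for values collected from an
# application under test: a predictable scheme and a properly random one.
WEAK_TOKENS = [f"sess-{i:04d}" for i in range(1, 21)]
STRONG_TOKENS = [secrets.token_hex(16) for _ in range(20)]  # 128 random bits each


def estimate_token_entropy_bits(tokens):
    """Rough per-token entropy estimate: Shannon entropy of the character
    distribution across the sample, scaled by mean token length.

    This is a quick sanity check that catches obviously weak tokens
    (counters, timestamps, short fixed alphabets); it is not a substitute
    for a proper randomness test on a large sample."""
    if not tokens:
        return 0.0
    counts = Counter("".join(tokens))
    total = sum(counts.values())
    per_char = -sum((c / total) * math.log2(c / total) for c in counts.values())
    mean_len = total / len(tokens)
    return per_char * mean_len


def find_duplicates(tokens):
    """Tokens issued more than once in the sample (a sign of a tiny or
    broken token space)."""
    return sorted(t for t, n in Counter(tokens).items() if n > 1)


def check_cookie_attributes(set_cookie_value, max_timeout_seconds=1800):
    """Parse a Set-Cookie header value and report, per cookie, whether the
    Secure flag is present (token only sent over SSL/TLS) and whether a
    client-side lifetime is set and within the assumed ceiling.

    timeout_ok is only evaluated from Max-Age; an Expires-only cookie
    counts as having a time-out but is not range-checked here."""
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    report = {}
    for name, morsel in jar.items():
        max_age = morsel["max-age"]
        report[name] = {
            "secure": bool(morsel["secure"]),
            "timeout_set": bool(max_age or morsel["expires"]),
            "timeout_ok": bool(max_age) and int(max_age) <= max_timeout_seconds,
        }
    return report


def run_session_checklist(set_cookie_value, tokens,
                          min_bits=64, max_timeout_seconds=1800):
    """Evaluate the session-management checklist items and return the
    findings as a list of strings (empty list means every item passed)."""
    findings = []

    # Test Entropy of Tokens
    bits = estimate_token_entropy_bits(tokens)
    if bits < min_bits:
        findings.append(f"token entropy estimate {bits:.1f} bits, below {min_bits}")
    dups = find_duplicates(tokens)
    if dups:
        findings.append(f"repeated tokens in sample: {dups}")

    # Test Tokens sent over SSL / Test Time Out Value
    for name, attrs in check_cookie_attributes(set_cookie_value,
                                               max_timeout_seconds).items():
        if not attrs["secure"]:
            findings.append(f"{name}: Secure flag missing, token can go over plain HTTP")
        if not attrs["timeout_set"]:
            findings.append(f"{name}: no Max-Age/Expires, client-side lifetime unbounded")
        elif not attrs["timeout_ok"]:
            findings.append(f"{name}: Max-Age exceeds {max_timeout_seconds}s")
    return findings


if __name__ == "__main__":
    for label, header, sample in (
        ("weak", "sessionid=sess-0001; Path=/", WEAK_TOKENS),
        ("strong", "sessionid=abc; Secure; Max-Age=900; Path=/", STRONG_TOKENS),
    ):
        print(label, run_session_checklist(header, sample) or "all checks passed")
```

The entropy figure is only an estimate from character frequencies, so a high number is necessary but not sufficient; the check is meant to fail fast on sequential or short tokens, and a sample of a few hundred tokens gives a more stable figure than the twenty used here.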

