[OWASP-TESTING] Web App Pen Testing Checklist
mark at curphey.com
Tue Mar 9 18:31:08 EST 2004
I am working in the draft but I was approached by two big banks today who both asked me if OWASP would develop the same thing.
They basically want a checklist of things that should be tested for in a web app pen test so that they can use it to request services and get consistency as well as compare internal tests.
I think this is something we as a testing group can turn around really quick and release without too much of a problem. What do you think? Anyone got a starting template?
An example would be
Test Time Out Value
Test Entropy of Tokens
Test Tokens sent over SSL