[OWASP-TESTING] Web App Pen Testing Checklist

Calderon, Juan Carlos (GE Commercial Finance, NonGE) juan.calderon at ge.com
Tue Mar 9 18:52:59 EST 2004

I totally agree.

IMHO this can be achieved faster if we brainstorm, sending all our thoughts; then you can group them and finally release a document. Mark has already started by suggesting some points.

What do you people think?


-----Original Message-----
From: owasp-testing-admin at lists.sourceforge.net
[mailto:owasp-testing-admin at lists.sourceforge.net]On Behalf Of Mark
Sent: Tuesday, March 09, 2004 05:31 p.m.
To: owasp-testing at lists.sourceforge.net
Subject: [OWASP-TESTING] Web App Pen Testing Checklist

I am working on the draft but I was approached by two big banks today who both asked me if OWASP would develop the same thing.

They basically want a checklist of things that should be tested for in a web app pen test so that they can use it to request services and get consistency as well as compare internal tests. 

I think this is something we as a testing group can turn around really quickly and release without too much of a problem. What do you think? Anyone got a starting template?

An example would be

Session Management
Test Mechanism
Test Time Out Value
Test Entropy of Tokens
Test Tokens sent over SSL
Test .......
