[OWASP-TESTING] Web App Pen Testing Checklist
mark at curphey.com
Tue Mar 9 19:43:13 EST 2004
And this can slot into the Pen Test part of Part 2 of the Testing project's overall document.
---- "Calderon, Juan Carlos (GE Commercial Finance, NonGE)" <juan.calderon at ge.com> wrote:
> I totally agree.
> IMHO this can be achieved faster if we brainstorm sending all our thoughts, then you can group them and finally release a document. Mark has already started by suggesting some points.
> What do you people think?
> -----Original Message-----
> From: owasp-testing-admin at lists.sourceforge.net
> [mailto:owasp-testing-admin at lists.sourceforge.net]On Behalf Of Mark
> Sent: Martes, 09 de Marzo de 2004 05:31 p.m.
> To: owasp-testing at lists.sourceforge.net
> Subject: [OWASP-TESTING] Web App Pen Testing Checklist
> I am working on the draft but I was approached by two big banks today who both asked me if OWASP would develop the same thing.
> They basically want a checklist of things that should be tested for in a web app pen test so that they can use it to request services and get consistency as well as compare internal tests.
> I think this is something we as a testing group can turn around really quick and release without too much of a problem. What do you think? Anyone got a starting template?
> An example would be
> Session Management
>     Test Mechanism
>     Test Time Out Value
>     Test Entropy of Tokens
>     Test Tokens sent over SSL
>     Test .......