[OWASP-TESTING] Web App Pen Testing Checklist

Mark Curphey mark at curphey.com
Tue Mar 9 19:43:13 EST 2004


Cool. 

And this can slot into the Pen Test part of Part 2 of the Testing project's overall document.
---- "Calderon, Juan Carlos (GE Commercial Finance, NonGE)" <juan.calderon at ge.com> wrote:
>
> I totally agree.
> 
> IMHO this can be achieved faster if we brainstorm sending all our thoughts, then you can group them and finally release a document. Mark has already started by suggesting some points.
> 
> What do you people think?
> 
> JC
> 
> 
> -----Original Message-----
> From: owasp-testing-admin at lists.sourceforge.net
> [mailto:owasp-testing-admin at lists.sourceforge.net]On Behalf Of Mark
> Curphey
> Sent: Tuesday, March 09, 2004 05:31 p.m.
> To: owasp-testing at lists.sourceforge.net
> Subject: [OWASP-TESTING] Web App Pen Testing Checklist
> 
> 
> I am working on the draft but I was approached by two big banks today who both asked me if OWASP would develop the same thing.
> 
> They basically want a checklist of things that should be tested for in a web app pen test so that they can use it to request services and get consistency as well as compare internal tests. 
> 
> I think this is something we as a testing group can turn around really quick and release without too much of a problem. What do you think? Anyone got a starting template?
> 
> An example would be
> 
> Session Management
> Test Mechanism
> Test Time Out Value
> Test Entropy of Tokens
> Test Tokens sent over SSL
> Test .......
> 
> 