[OWASP-TESTING] web application penetration testing checklist

Javier Fernandez-Sanguino jfernandez at germinus.com
Mon Mar 22 06:45:45 EST 2004


> Comments would be appreciated on the structure and design as well as the sections
> (remember this isn’t the how do they
> fix the problem, its how do we test and find the problem)

I just remember I had written something for the OSSTMM that never got
released (who knows why, maybe it's only in ISECOM's "pay per view" area).

Some of the items of "Web Application Testing" might be useful for the
checklist (even though most of the stuff is already there). And,
maybe, the data flow approach is useful.

Feel free to use it as you wish. If you want changes to the data flow
I have the original sources (Visio) around too.

Regards

Javier



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-testing/attachments/20040322/b3e4a329/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 10291 bytes
Desc: not available
Url : http://lists.owasp.org/pipermail/owasp-testing/attachments/20040322/b3e4a329/attachment.png 


More information about the Owasp-testing mailing list