[OWASP-TESTING] web application penetration testing checklist

daniel at deeper.co.za
Mon Mar 22 06:32:14 EST 2004

Hmm, the idea of that flow diagram would fit well with this doc, unless it should go in the
main testing doc?

I did have a look at the OSSTMM stuff this weekend, and even though they do have a section
on web apps, it doesn't go as deeply as this one will. Has anyone seen the beta version? That
is supposed to have a detailed app testing section, but I refuse to pay to access that doc.

> > Comments would be appreciated on the structure and design as well as the sections
> > (remember this isn’t the how do they fix the problem, it’s how do we test and find
> > the problem)
> I just remember I had written something for the OSSTMM that never got 
> released (who knows why, maybe it's only in ISECOM's "pay per view" area).
> Some of the items of "Web Application Testing" might be useful for the 
> checklist (even though most of the stuff is already there). And, 
> maybe, the data flow approach is useful.
> Feel free to use it as you wish. If you want changes to the data flow 
> I have the original sources (Visio) around too.
> Regards
> Javier
