[OWASP-TESTING] web application penetration testing checklist

Mark Curphey mark.curphey at foundstone.com
Mon Mar 22 07:05:54 EST 2004

I didn't know OSSTMM stuff was pay per view but it doesn't surprise
me...too many open source projects are going that way. This is one of
the reasons why all material is copyrighted to the free software
foundation ! Jeff Williams now has the not for profit OWASP Foundation
set up I believe. More on that later this week !

I like the flow diagram a lot. As I think we mentioned eventually we
should blend this pen test check list back into OWASP Testing Part 2,
but for now I see no reason why we shouldn't include it.

Great stuff !

-----Original Message-----
From: Javier Fernandez-Sanguino [mailto:jfernandez at germinus.com] 
Sent: Monday, March 22, 2004 6:53 AM
To: daniel at deeper.co.za
Cc: owasp-testing at lists.sourceforge.net
Subject: Re: [OWASP-TESTING] web application penetration testing

daniel at deeper.co.za wrote:

> hmm the idea of that flow diagram would fit well with this doc, unless
> it should go in the main testing doc???

I don't know. Marc?

> I did have a look at the OSSTMM stuff this weekend and even though
> they do have a section on web apps, it doesn't go as deeply as this one
> will.

For sure.

> Has anyone seen the beta version as that is supposed to have a 
> detailed app testing section but

It probably has the one I attached, I'm not sure about that.

> I refuse to pay to access that doc

Me too. I dislike the "pay per view" attitude ISECOM has recently (since
last year) taken.


