[OWASP-TESTING] web application penetration testing checklist
mark.curphey at foundstone.com
Mon Mar 22 07:05:54 EST 2004
I didn't know OSSTM stuff was pay per view but it doesn't surprise
me...too many open source projects are going that way. This is one of
the reasons why all material is copyrighted to the free software
foundation ! Jeff Williams now has the not for profit OWASP Foundation
set up I believe. More on that later this week !
I like the flow diagram a lot. As I think we mentioned eventually we
should blend this pen test check list back into OWASP Testing Part 2,
but for now I see no reason why we shouldn't inlcude it.
Great stuff !
From: Javier Fernandez-Sanguino [mailto:jfernandez at germinus.com]
Sent: Monday, March 22, 2004 6:53 AM
To: daniel at deeper.co.za
Cc: owasp-testing at lists.sourceforge.net
Subject: Re: [OWASP-TESTING] web application penetration testing
daniel at deeper.co.za wrote:
> hmm the idea of that flow diagram would fit well with this doc, unless
> it should go in the main testing doc???
I don't know. Marc?
> I did have a look at the OSSTMM stuff this weekend and even though
> they do have a section on web apps, it doesnt go as deeply as this one
> Has anyone seen the beta version as that is supposed to have a
> detailed app testing section but
It probably has the one I attached, I'm not sure about that.
> i refuse to pay to access that doc
Me too. I dislike the "pay per view" attitude ISECOM has recently (since
last year) taken.
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
owasp-testing mailing list
owasp-testing at lists.sourceforge.net
More information about the Owasp-testing