[Owasp-testing] The new OWASP Testing Guide v3: published!
matteo.meucci at gmail.com
Tue Dec 16 16:13:33 EST 2008
ANNOUNCING THE NEW "OWASP TESTING GUIDE v3
OWASP is announcing the new OWASP Testing Guide v3. The project as
part of the OWASP Summer of Code, started on April 2008 reviewing the
version 2, improving it.
OWASP Testing Guide v3 is a 349 page book; we have split the set of
active tests in 9 sub-categories for a total of 66 controls to test
during the Web Application Testing activity.
Each control has an OWASP name, so for example a SQL Injection is
called: OWASP-DV-005, meaning that it is the 5th control of the Data
We got a dream team of 21 authors and 4 reviewers: after 6 months of
hard work and great team work we realized the v3.
We'd like to ask you to support OWASP to reach the following goals:
*** Continuously improve the guide.
The Guide is a "live" document: we always need your feedback!
Please join our testing mailing list and share your ideas:
*** Promote the Testing Guide.
We would like to have some more media coverage on the guide, so
please, if you know somebody in there put them in touch.
If you have the chance, you can write an article about the Testing
Guide and the new OWASP Projects.
Also you can pick up the OWASP Testing Guide presentations and talk
about it in local conferences and Chapter meetings.
*** Add 'quotes' to the Guide.
We made a special 'quotes' pages for the Testing Guide.
Here we'd want to add all the comments and references to the Guide.
The OWASP Testing Guide includes a "best practice" penetration testing
framework which users can implement in their own organizations and a
"low level" penetration testing guide that describes techniques for
testing most common web application and web service security issues.
Download the Guide Now:
View the Presentation at the OWASP Summit 08:
Join the Project Mailing List:
Thank you for your great job, team!
OWASP-Italy Chair, CISSP, CISA
OWASP Testing Guide lead
More information about the Owasp-testing