[Owasp-testing] OWASP Testing Guide v2 vs. v1

Matteo Meucci matteo.meucci at gmail.com
Tue Mar 4 14:31:11 EST 2008


Hi Thorin,
yes the OWASP Testing Guide v2 completely replace the v1. Here is the
revision history:
http://www.owasp.org/index.php/Testing_Guide_Frontispiece#Revision_History

Here you can find the new set of controls:
http://www.owasp.org/index.php/Testing:_Introduction_and_objectives

We are planning to begin the new project regarding v3. Keep tuned.

Thanks,
Mat



On Tue, Mar 4, 2008 at 3:44 PM, Thorin Oakenshield <kingthorin at gmail.com> wrote:
> Hi , I was recently reviewing the version 2 testing guide
> http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_v2_doc.zip, I was
> wondering if this is meant to compliment the older version 1 checklists/docs
> or replace them?
>
> Looking at the table in v2 (pgs 34 & 35) for example, does "OWASP-AT-001 :
> Default or guessable account" replace the older "OWASP-AUTHN-004 : Default
> Accounts"?
>
> I'm guessing that v2 replaces the older stuff since there seems to be a lot
> of overlap, but I wanted to confirm since v2 does not seem to cover
> absolutely everything that v1 did (OWASP-DP-001 for example). The
> http://www.owasp.org/index.php/OWASP_Testing_Project page does not make this
> clear at all.
>
> I'm also curious about the status of v3.
> _______________________________________________
>  Owasp-testing mailing list
>  Owasp-testing at lists.owasp.org
>  https://lists.owasp.org/mailman/listinfo/owasp-testing
>
>



-- 
Matteo Meucci
OWASP-Italy Chair, CISSP, CISA
http://www.owasp.org/index.php/Italy
OWASP Testing Guide lead
http://www.owasp.org/index.php/Testing_Guide


More information about the Owasp-testing mailing list