[Owasp-testing] OWASP Testing Guide v2 vs. v1

Matteo Meucci matteo.meucci at gmail.com
Tue Mar 4 14:31:11 EST 2008

Hi Thorin,
yes the OWASP Testing Guide v2 completely replace the v1. Here is the
revision history:

Here you can find the new set of controls:

We are planning to begin the new project regarding v3. Keep tuned.


On Tue, Mar 4, 2008 at 3:44 PM, Thorin Oakenshield <kingthorin at gmail.com> wrote:
> Hi , I was recently reviewing the version 2 testing guide
> http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_v2_doc.zip, I was
> wondering if this is meant to compliment the older version 1 checklists/docs
> or replace them?
> Looking at the table in v2 (pgs 34 & 35) for example, does "OWASP-AT-001 :
> Default or guessable account" replace the older "OWASP-AUTHN-004 : Default
> Accounts"?
> I'm guessing that v2 replaces the older stuff since there seems to be a lot
> of overlap, but I wanted to confirm since v2 does not seem to cover
> absolutely everything that v1 did (OWASP-DP-001 for example). The
> http://www.owasp.org/index.php/OWASP_Testing_Project page does not make this
> clear at all.
> I'm also curious about the status of v3.
> _______________________________________________
>  Owasp-testing mailing list
>  Owasp-testing at lists.owasp.org
>  https://lists.owasp.org/mailman/listinfo/owasp-testing

Matteo Meucci
OWASP Testing Guide lead

More information about the Owasp-testing mailing list