[Owasp-testing] OWASP Testing Guide V4

Kevin Horvath kevin.horvath at gmail.com
Thu Feb 3 09:07:31 EST 2011


Hello Adnan,

The guide is still in the works but it is still a few months away from
an initial draft.  This guide as well as other OWASP projects are
trying to adhere to a more common framework and numbering.  The
following is a roadmap that Matteo has outlined for v4 and we are
working towards it.  Thank you for the email and Matteo will send out
an update when things are further along.

This is the roadmap of v4:
- Create a new comprehensive list of all the possible vulnerabilities.
- Review all the control numbers to adhere to the OWASP Common numbering,
- Review all the sections in v3,
- Create a more readable guide, eliminating some sections that are not
really useful,
- Insert new testing techniques: HTTP Verb Tampering, HTTP Parameter
Pollution, etc.,
- Rationalize some sections as Session Management Testing,
- Debate whether to create a new section: Client side security and Firefox
extensions testing.

Regards,
Kevin

On Thu, Feb 3, 2011 at 8:47 AM, Muhammad Adnan Baig <madnan at i2cinc.com> wrote:
> Hi,
>
> Can someone tell me when the owasp testing guide v4 version will be
> available, as it was planned to be launched mid January 2011.
>
> Thanks,
> Adnan Baig

