[Owasp-testing] OWASP Testing Guide V4

Muhammad Adnan Baig madnan at i2cinc.com
Thu Feb 3 10:53:06 EST 2011


Thanks Kevin for the update; we are anxiously waiting for the v4 draft.

The road map provided for v4 is really good. I would also suggest
including Firefox add-ons for security testing, as it's very helpful to
identify the vulnerabilities.

Regards,
Adnan

On 2/3/2011 7:07 PM, Kevin Horvath wrote:
> Hello Adnan,
>
> The guide is still in the works but it is still a few months away from
> an initial draft.  This guide as well as other OWASP projects are
> trying to adhere to a more common framework and numbering.  The
> following is a roadmap that Matteo has outlined for v4 and we are
> working towards it.  Thank you for the email and Matteo will send out
> an update when things are further along.
>
> This is the roadmap of v4:
> - Create a new comprehensive list of all the possible vulnerabilities.
> - Review all the control numbers to adhere to the OWASP Common numbering,
> - Review all the sections in v3,
> - Create a more readable guide, eliminating some sections that are not
> really useful,
> - Insert new testing techniques: HTTP Verb tampering, HTTP Parameter
> Pollution, etc.,
> - Rationalize some sections as Session Management Testing,
> - Debate whether to create a new section: Client side security and Firefox
> extensions testing.
>
> Regards,
> Kevin
>
> On Thu, Feb 3, 2011 at 8:47 AM, Muhammad Adnan Baig <madnan at i2cinc.com> wrote:
>> Hi,
>>
>> Can someone tell me when the OWASP Testing Guide v4 version will be
>> available, as it was planned to be launched mid January 2011.
>>
>> Thanks,
>> Adnan Baig
>>


