[Owasp-testing] OWASP Testing Guide V4
matteo.meucci at gmail.com
Thu Feb 3 16:27:07 EST 2011
I've updated the date. Next week we will define the roadmap together.
On Thu, Feb 3, 2011 at 4:53 PM, Muhammad Adnan Baig <madnan at i2cinc.com> wrote:
> Thanks Kevin for the update, we are anxiously waiting for the v4 draft.
> The roadmap provided for v4 is really good. I would also suggest
> including Firefox add-ons for security testing, as it's very helpful to
> identify the vulnerabilities.
> On 2/3/2011 7:07 PM, Kevin Horvath wrote:
>> Hello Adnan,
>> The guide is still in the works but it is still a few months away from
>> an initial draft. This guide as well as other OWASP projects are
>> trying to adhere to a more common framework and numbering. The
>> following is a roadmap that Matteo has outlined for v4 and we are
>> working towards it. Thank you for the email and Matteo will send out
>> an update when things are further along.
>> This is the roadmap of v4:
>> - Create a new comprehensive list of all the possible vulnerabilities.
>> - Review all the control numbers to adhere to the OWASP Common numbering,
>> - Review all the sections in v3,
>> - Create a more readable guide, eliminating some sections that are not
>> really useful,
>> - Insert new testing techniques: HTTP Verb tampering, HTTP Parameter
>> Pollutions, etc.,
>> - Rationalize some sections as Session Management Testing,
>> - Debate whether to create a new section: Client side security and Firefox
>> extensions testing.
>> On Thu, Feb 3, 2011 at 8:47 AM, Muhammad Adnan Baig <madnan at i2cinc.com> wrote:
>>> Can someone tell me when the OWASP Testing Guide v4 version will be
>>> available, as it was planned to be launched mid-January 2011.
>>> Adnan Baig
>>> Owasp-testing mailing list
>>> Owasp-testing at lists.owasp.org
OWASP-Italy Chair, CISSP, CISA
OWASP Testing Guide lead