[Owasp-testing] OWASP Testing Guide V4

Matteo Meucci matteo.meucci at gmail.com
Thu Feb 3 16:27:07 EST 2011


Hi,
I've update the date. Next week we will define the roadmap together.

Thanks!
Mat

On Thu, Feb 3, 2011 at 4:53 PM, Muhammad Adnan Baig <madnan at i2cinc.com> wrote:
> Thanks kevin for the update, we are anxiously waiting for v4 draft.
>
> The road map provided for v4 is really good, I would also suggest to
> include firefox addones for security testing as its very helpful to
> identify the vulnerabilities.
>
> Regards,
> Adnan
>
> On 2/3/2011 7:07 PM, Kevin Horvath wrote:
>> Hello Adnan,
>>
>> The guide is still in the works but it is still a few months away from
>> an initial draft.  This guide as well as other OWASP projects are
>> trying to adhere to a more common framework and numbering.  The
>> following is a roadmap that Matteo has outlined for v4 and we are
>> working towards it.  Thank you for the email and Matteo will send out
>> an update when things are further along.
>>
>> This is the roadmap of v4:
>> - Create a new comprehensive list of all the possible vulnerabilities.
>> - Review all the control numbers to adhere to the OWASP Common numbering,
>> - Review all the sections in v3,
>> - Create a more readable guide, eliminating some sections that are not
>> really useful,
>> - Insert new testing techniques: HTTP Verb tampering, HTTP Parameter
>> Pollutions, etc.,
>> - Rationalize some sections as Session Management Testing,
>> - Debate if create a new section: Client side security and Firefox
>> extensions testing.
>>
>> Regards,
>> Kevin
>>
>> On Thu, Feb 3, 2011 at 8:47 AM, Muhammad Adnan Baig<madnan at i2cinc.com>  wrote:
>>> Hi,
>>>
>>> Can some one tell me when the owasp testing guide v4 version will be
>>> available, as it was planned to be launched mid January 2011.
>>>
>>> Thanks,
>>> Adnan Baig
>>>
>>> _______________________________________________
>>> Owasp-testing mailing list
>>> Owasp-testing at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>>
>>>
>
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>



-- 
Matteo Meucci
OWASP-Italy Chair, CISSP, CISA
http://www.owasp.org/index.php/Italy
OWASP Testing Guide lead
http://www.owasp.org/index.php/Testing_Guide


More information about the Owasp-testing mailing list