[Owasp-testing] Checklists for testing guide v4

Jim Manico jim.manico at owasp.org
Fri Feb 4 07:52:38 EST 2011


Try: http://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project

It's a little biased towards manual consulting services, but  I still feel it's a solid body of work that addresses what you are asking for (to some degree).

Regards,

-Jim Manico
http://manico.net

On Feb 4, 2011, at 5:21 AM, psiinon <psiinon at gmail.com> wrote:

> Hi folks,
> 
> I'm relatively new to this list, so apologies if this has been
> discussed to death in the past!
> 
> I'd like to see a set of checklists, either as part of the core guide,
> or as additional resources.
> I understand the various comments in the v3  guide like "Try to avoid
> using the guide as a checklist", but I do think that checklists could
> be a useful addition to the guide.
> I've had a look at pages like:
> http://www.owasp.org/index.php/Testing_Checklist, and
> http://a4apphack.com/featured/web-appsec-testing-checklist but they
> dont quite match what I have in mind.
> What I was thinking of was multiple checklists for different levels of
> pentesting - eg a novice / 'quick and dirty' test, a medium depth test
> and a full fat version.
> Ideally these would also be available as html pages which could then
> link directly to the relevant pages of the online version of the
> guide.
> I'd also really like them to be hierarchical, like
> http://portswigger.net/wahh/tasks.html :)
> They could then be included in tools (like the Zed Attack proxy;)
> which could provide integrated checklists, again linking to the guide
> contents.
> Obviously thats one angle I'm looking at, but I also teach basic pen
> testing techniques to functional testers, and for them the testing
> guide is quite heavy weight.
> A 'quick and dirty' checklist might make it easier for them to get
> started with basic security testing.
> If such checklists are thought to be useful then I'd be happy to
> contribute to them.
> 
> Thanks,
> 
> Psiinon
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing


More information about the Owasp-testing mailing list