[Owasp-testing] Web Application Security Testing Cheat Sheet

psiinon psiinon at gmail.com
Tue Jul 31 09:26:36 UTC 2012


Hi folks,

As those of you also on the Leaders list will have seen, I've started a Web
Application Security Testing Cheat Sheet
<https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet>.

To quote from that page:
Introduction

This cheat sheet provides a checklist of tasks to be performed when
performing a blackbox security test of a web application.

Purpose

This checklist is intended to be used as an aide memoire for experienced
pentesters and should be used in conjunction with the OWASP Testing Guide
<https://www.owasp.org/index.php/Category:OWASP_Testing_Project>.
It will be updated as the Testing Guide v4
<https://www.owasp.org/index.php/OWASP_Application_Testing_guide_v4> is
progressed.

The intention is that this guide will be available as an XML document, with
scripts that convert it into formats such as pdf, Media Wiki markup, HTML
etc.

This will allow it to be consumed within security tools as well as being
available in a format suitable for printing.

It is currently at a very early stage, but any feedback or offers of help
will be appreciated.


As a lot of it comes from the Testing Guide v3, all of the guide authors
are credited (as a group rather than individually).

My initial draft has already been improved by various people (thanks!), but
I'm sure there's plenty more improvements possible.

So please have a look at it, post any feedback to this thread, and feel
free to add more content to the wiki!

Cheers,

Simon
-- 
OWASP ZAP: Toolsmith Tool of the Year 2011
<http://holisticinfosec.blogspot.com/2012/02/2011-toolsmith-tool-of-year-owasp-zap.html>