[Owasp-testing] Public release of the OWASP TESTING GUIDE v4

Ryan Dewhurst ryandewhurst at gmail.com
Wed Sep 17 15:33:17 UTC 2014


P.S. is it available in paperback version yet?

On Wed, Sep 17, 2014 at 5:32 PM, Ryan Dewhurst <ryandewhurst at gmail.com>
wrote:

> Great work Andrew, Matteo and everyone else who contributed!
>
> On Wed, Sep 17, 2014 at 5:03 PM, Andrew Muller <andrew.muller at owasp.org>
> wrote:
>
>> Folks,
>>   OWASP is proud to announce the public release of the OWASP Testing
>> Guide version 4.
>> As a rich and diverse security community we should be proud of the
>> achievement and we'd like to thank and congratulate everyone that authored
>> or reviewed the Guide.
>> You'll notice several changes between v3 and v4. Some sections have been
>> renamed, removed or reworked, but overall the OWASP Testing Guide version 4
>> improves on version 3 in three ways:
>>
>> *1.* This version of the Testing Guide integrates with the two other
>> flagship OWASP documentation products: the Developers Guide and the Code
>> Review Guide. To achieve this we aligned the testing categories and test
>> numbering with those in other OWASP products. The objective of the Testing
>> and Code Review Guides is to evaluate the security controls described by
>> the Developers Guide.
>>
>> *2.* All chapters have been improved and test cases expanded to 87 (64
>> test cases in v3) including the introduction of four new chapters and
>> controls:
>> - Identity Management Testing
>> - Error Handling
>> - Cryptography
>> - Client Side Testing
>>
>> *3.* This version of the Testing Guide encourages the community not to
>> simply accept the test cases outlined in this guide. We encourage security
>> testers to integrate with other software testers and devise test cases
>> specific to the target application. As we find test cases that have wider
>> applicability we encourage the security testing community to share them and
>> contribute them to the Testing Guide. This will continue to build the
>> application security body of knowledge and allow the development of the
>> Testing Guide to be an iterative rather than monolithic process.
>>
>>
>> As we continue to improve our tools and documentation, we'd like to ask
>> you to support OWASP to reach the following goals:
>>
>>   *Continuously improve the guide*.
>> The Guide is a "live" document: we always need your feedback! Tell us
>> what you love. Tell us what you love less.
>> Please join our testing mailing list and share your ideas:
>> http://lists.owasp.org/mailman/listinfo/owasp-testing
>>
>>   *Promote the Testing Guide*.
>> We would like to have some more media coverage on the Guide, so please,
>> if you know somebody that can help please put them in touch with us.
>> If you have the chance, you can write an article about the Testing Guide
>> and other new OWASP Projects.
>>
>>   *Add 'quotes' to the Guide*.
>> We made a special 'quotes' page for the Testing Guide.
>> Here we'd like you to add comments and references to the Guide.
>> http://www.owasp.org/index.php/OWASP_Testing_Guide_Quotes
>>
>> The OWASP Testing Guide includes a "best practice" penetration testing
>> framework which users can implement in their own organizations and a "low
>> level" penetration testing guide that describes techniques for testing most
>> common web application and web service security issues.
>>
>> Download or browse the Guide now from:
>>
>> - https://www.owasp.org/images/1/19/OTGv4.pdf
>>
>> - https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
>>
>>
>> regards,
>> ____________________
>> *Andrew Muller*
>> Canberra OWASP Chapter Leader
>> OWASP Testing Guide Co-Leader
>>
>> _______________________________________________
>> Owasp-testing mailing list
>> Owasp-testing at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>
>>
>