[Owasp-testing] [Owasp-leaders] Public release of the OWASP TESTING GUIDE v4

Tomas Zatko tomas.zatko at citadelo.com
Sun Sep 28 15:58:01 UTC 2014


This is a very good idea. I agree.

-- 
Tomas Zatko, CISSP, CEH
http://www.citadelo.com

On 28 Sep 2014, at 17:47, Jim Manico <jim.manico at owasp.org> wrote:

> My suggestion is that we hire a professional to grammar-edit all of our primary documents like the testing guide. Such services are very reasonable in cost.
> 
> --
> Jim Manico
> @Manicode
> (808) 652-3805
> 
> On Sep 28, 2014, at 8:43 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
> 
>> I've read it over the last few weeks. There are some typos still there. Before going to print shall we perform one more peer review?
>> 
>> 
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>> 
>> 
>> On 28 Sep 2014, at 16:30, Ryan Dewhurst <ryandewhurst at gmail.com> wrote:
>> 
>>> Any news on a paperback version? (from lulu.com?)
>>> 
>>> On Wed, Sep 24, 2014 at 8:20 PM, Matteo Meucci <matteo.meucci at owasp.org> wrote:
>>> Hi all,
>>> thanks to the fantastic job of Hugo we just uploaded an updated version of
>>> the Guide.
>>> 
>>> You can download it here:
>>> https://www.owasp.org/images/5/52/OWASP_Testing_Guide_v4.pdf
>>> 
>>> And it is accessible from here:
>>> http://www.owasp.org/index.php/OWASP_Testing_Project
>>> https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
>>> 
>>> 
>>> Thanks!
>>> Mat
>>> 
>>> 
>>> On 17/09/2014 17:03, Andrew Muller wrote:
>>> > Folks,
>>> >   OWASP is proud to announce the public release of the OWASP Testing
>>> > Guide version 4.
>>> > As a rich and diverse security community we should be proud of the
>>> > achievement and we'd like to thank and congratulate everyone that
>>> > authored or reviewed the Guide.
>>> > You'll notice several changes between v3 and v4. Some sections have been
>>> > renamed, removed or reworked, but overall the OWASP Testing Guide
>>> > version 4 improves on
>>> > version 3 in three ways:
>>> >
>>> > *1.* This version of the Testing Guide integrates with the two other
>>> > flagship OWASP documentation products: the Developers Guide and the Code
>>> > Review Guide. To achieve this we aligned the testing categories and test
>>> > numbering with those in other OWASP products. The objective of the
>>> > Testing and Code Review Guides is to evaluate the security controls
>>> > described by the Developers Guide.
>>> >
>>> > *2.* All chapters have been improved and test cases expanded to 87 (64
>>> > test cases in v3) including the introduction of four new chapters and
>>> > controls:
>>> > - Identity Management Testing
>>> > - Error Handling
>>> > - Cryptography
>>> > - Client Side Testing
>>> >
>>> > *3.* This version of the Testing Guide encourages the community not to
>>> > simply accept the test cases outlined in this guide. We encourage
>>> > security testers to integrate with other software testers and devise
>>> > test cases specific to the target application. As we find test cases
>>> > that have wider applicability we encourage the security testing
>>> > community to share them and contribute them to the Testing Guide. This
>>> > will continue to build the application security body of knowledge and
>>> > allow the development of the Testing Guide to be an iterative rather
>>> > than monolithic process.
>>> >
>>> >
>>> > As we continue to improve our tools and documentation, we'd like to ask
>>> > you to support OWASP to reach the following goals:
>>> >
>>> >   *Continuously improve the guide*.
>>> > The Guide is a "live" document: we always need your feedback! Tell us
>>> > what you love. Tell us what you love less.
>>> > Please join our testing mailing list and share your ideas:
>>> > http://lists.owasp.org/mailman/listinfo/owasp-testing
>>> >
>>> >   *Promote the Testing Guide*.
>>> > We would like to have some more media coverage on the Guide, so please,
>>> > if you know somebody that can help please put them in touch with us.
>>> > If you have the chance, you can write an article about the Testing Guide
>>> > and other new OWASP Projects.
>>> >
>>> >   *Add 'quotes' to the Guide*.
>>> > We made a special 'quotes' page for the Testing Guide.
>>> > Here we'd like you to add comments and references to the Guide.
>>> > http://www.owasp.org/index.php/OWASP_Testing_Guide_Quotes
>>> >
>>> > The OWASP Testing Guide includes a "best practice" penetration testing
>>> > framework which users can implement in their own organizations and a
>>> > "low level" penetration testing guide that describes techniques for
>>> > testing most common web application and web service security issues.
>>> >
>>> > Download or browse the Guide now from:
>>> >
>>> > - https://www.owasp.org/images/1/19/OTGv4.pdf
>>> >
>>> > - https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
>>> >
>>> >
>>> > regards,
>>> > ____________________
>>> > *Andrew Muller*
>>> > Canberra OWASP Chapter Leader
>>> > OWASP Testing Guide Co-Leader
>>> 
>>> -
>>> _______________________________________________
>>> Owasp-testing mailing list
>>> Owasp-testing at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
