Testing Guide Frontispiece
“Open and collaborative knowledge: that is the OWASP way.”

With V4 we realized a new guide that will be the standard de-facto guide to perform Web Application Penetration Testing. - Matteo Meucci
OWASP thanks the many authors, reviewers, and editors for their hard work in bringing this guide to where it is today. If you have any comments or suggestions on the Testing Guide, please e-mail the Testing Guide mail list:

http://lists.owasp.org/mailman/listinfo/owasp-testing

Or drop an e-mail to the project leaders: Andrew Muller and Matteo Meucci
Version 4.0
The OWASP Testing Guide version 4 improves on version 3 in three ways:

[1] This version of the Testing Guide integrates with the two other flagship OWASP documentation products: the Developers Guide and the Code Review Guide. To achieve this we aligned the testing categories and test numbering with those in other OWASP products. The aim of the Testing and Code Review Guides is to evaluate the security controls described by the Developers Guide.

[2] All chapters have been improved and test cases expanded to 87 (64 test cases in v3), including the introduction of four new chapters and controls:

• Identity Management Testing
• Error Handling
• Cryptography
• Client Side Testing

[3] This version of the Testing Guide encourages the community not to simply accept the test cases outlined in this guide. We encourage security testers to integrate with other software testers and devise test cases specific to the target application. As we find test cases that have wider applicability, we encourage the security testing community to share them and contribute them to the Testing Guide. This will continue to build the application security body of knowledge and allow the development of the Testing Guide to be an iterative rather than monolithic process.
Copyright and License

Copyright (c) 2014 The OWASP Foundation.

This document is released under the Creative Commons 2.5 License. Please read and understand the license and copyright conditions.
Revision History

The Testing Guide v4 will be released in 2014. The Testing Guide originated in 2003 with Dan Cuthbert as one of the original editors. It was handed over to Eoin Keary in 2005 and transformed into a wiki. Matteo Meucci has taken on the Testing Guide and is now the lead of the OWASP Testing Guide Project. Since 2012 Andrew Muller has co-led the project with Matteo Meucci.
2014
• “OWASP Testing Guide”, Version 4.0

15th September, 2008
• “OWASP Testing Guide”, Version 3.0

December 25, 2006
• “OWASP Testing Guide”, Version 2.0

July 14, 2004
• “OWASP Web Application Penetration Checklist”, Version 1.1

December 2004
• “The OWASP Testing Guide”, Version 1.0
Project Leaders

Andrew Muller: OWASP Testing Guide Lead since 2013.
Matteo Meucci: OWASP Testing Guide Lead since 2007.
Eoin Keary: OWASP Testing Guide 2005-2007 Lead.
Daniel Cuthbert: OWASP Testing Guide 2003-2005 Lead.