Category:OWASP Testing Project
From OWASP
| This project has produced a book that can be downloaded or purchased. Feel free to browse the full catalog of available OWASP books. |
Click here to see (& edit, if wanted) the template.
| PROJECT IDENTIFICATION | ||||||
|---|---|---|---|---|---|---|
| Project Name | OWASP Testing Guide V3.0 Project | |||||
| Short Project Description | The OWASP Testing Guide V2.0 was a great success, with thousand downloads and many many Companies that have adopted it as standard for a Web Application Penetration Testing. Now it's time to begin a new project that is based on v2 but improve it and complete it. | |||||
| Email Contacts | Project Leader Matteo Meucci | Project Contributors Name&Email | Mailing List/Subscribe Mailing List/Use | First Reviewer Name | Second Reviewer Name | OWASP Board Member Name&Email |
| PROJECT MAIN LINKS | |||||
|---|---|---|---|---|---|
|
Index brainstorming
| |||||
| RELATED PROJECTS | |||||
|---|---|---|---|---|---|
| SPONSORS & GUIDELINES | |||||
|---|---|---|---|---|---|
| Sponsor - OWASP Summer of Code 2008 | Sponsored Project/Guidelines/Roadmap | ||||
| ASSESSMENT AND REVIEW PROCESS | ||||
|---|---|---|---|---|
| Review/Reviewer | Author's Self Evaluation (applicable for Alpha Quality & further) | First Reviewer (applicable for Alpha Quality & further) | Second Reviewer (applicable for Beta Quality & further) | OWASP Board Member (applicable just for Release Quality) |
| 50% Review | Objectives & Deliveries reached? Yes/No (To update) --------- See&Edit:50% Review/Self-Evaluation (A) | Objectives & Deliveries reached? Yes/No (To update) --------- See&Edit: 50% Review/1st Reviewer (C) | Objectives & Deliveries reached? Yes/No (To update) --------- See&Edit: 50%Review/2nd Reviewer (E) | X |
| Final Review | Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Season of Code - (To update) --------- See&Edit: Final Review/SelfEvaluation (B) | Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Season of Code - (To update) --------- See&Edit: Final Review/1st Reviewer (D) | Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Season of Code - (To update) --------- See&Edit: Final Review/2nd Reviewer (F) | Objectives & Deliveries reached? Yes/No (To update) --------- Which status has been reached? Season of Code - (To update) --------- See/Edit: Final Review/Board Member (G) |
Contents |
Welcome to the new OWASP Testing Guide
OWASP Testing Guide v3: let's start!
26th April 2008: Thanks to the SoC 08 results the planning stage has started for version 3.0 of the Testing Guide. If you have knowledge and experience in application testing, and can spare a few hours a week, please do get in touch. Alternatively you can join the OWASP Testing mailing list. The project is lead by Matteo Meucci.
Planning the new Testing Guide v3:
I phase: create the Index
Call for participation.
Index brainstorming
Discuss the article content.
Deadline: Sun 18th May 2008.
II phase: start writing
After creating the new Index, we will assign each paragraph to the volunteers, start writing!
Each author will write the article on the wiki and reviewed by the OWASP Testing guide team.
Deadline: 30th June 2008
III phase: start reviewing
Create the reviewer team. Assign each new paragraph to the reviewer.
Deadline: 20th July 2008
IV phase: Finalize the Guide
Create the doc and pdf format of the v3.
Deadline: 15th August 2008
Project deadlines:
- 21st May: Project status presentation at the OWASP AppSec Euro 08 Conference in Belgium.
- 15th June - Participants to report on project status.
- 31th August - Project completion. Participants should deliver final project report.
Roadmap
View the OWASP Testing Project v3 Roadmap
Background and Motivation
History Behind Project The Testing guide originated in 2003 with Dan Cuthbert as one of the original editors. It was handed over to Eoin Keary in 2005 and transformed into a wiki. Being a wiki it is easier for people to contribute and should make updating much easier. Matteo Meucci has decided to take on the Testing guide and update it creating the OWASP Testing Guide v2.
Now it's time to create a new Guide, improving each chapter and adding the new testing methodologies.
The OWASP Testing Guide is a defacto web application security assessment guide.
Overview
This projects goal is to create a "best practices" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes how to find certain issues.
Volunteers needed
Positions for v3 of the guide are now open!
If you have knowledge and experience in application testing, and can spare a few hours a week, please do get in touch
Testing Project Phase Three Guide(draft)
This is the working draft of the OWASP Testing Guide v3. Please login to make changes as you see fit. Changes will be vetted by the OWASP Testing Project team.
OWASP Testing Guide v3 Table of Contents
Project History
OWASP Testing Guide v2 (stable release)
10th February 2007: The OWASP Testing Guide v2 is now published Matteo Meucci (as part of his AoC project) has just published the latest version of Testing guide which:
- you can read it on line on the Testing Guide v2 wiki
- or download the Guide in Adobe PDF format or in Ms Doc format
OWASP Testing Guide v2 in Spanish: Now you can get a complete translation in Ms Doc format
For comments or questions, please join the OWASP Testing mailing list, read our archive and share your ideas. Alternatively you can contact Eoin Keary or Matteo Meucci directly.
Here you can find:
The OWASP Testing Guide v2 - Request for Review
10th January 2007: The OWASP Testing Guide v2 is now in its final stages Matteo Meucci (as part of his AoC project) has just published the latest version of Testing guide which:
- you can read it on line on the Testing Guide v2 wiki - 'Release Candidate 1'
- or download the Guide in Adobe PDF format or Ms Doc format
So what we need now (until 10th of February) is for you to review it. Please let us know any mistakes made, and if you feel that there is something missing, please help yourself and edit the relevant WIKI page.
For comments or questions, please use the 'Discussion' pages or email Eoin Keary or Matteo Meucci directly.
The current plan is to create a 'published' version of this guide on the 10th of February which will be sent to all OWASP members in book format.
If you want to participate see the OWASP_Testing_Project_v2.0_-_Review_Guidelines page for the lastest updates
Old Testing Guide Download
A copy of the old guide (The OWASP Testing Guide v1.1) is available [here], it shall also be available in HTML format on the forthcoming OWASP Live CD. A PDF copy shall also be available to download.
OWASP Pen Test Checklist in Italian Sun May 22 10:56:39 EDT 2005 I'm glad to announce we have released OWASP Pen Test Checklist in Italian. Thanks to the Italian Chapter, Massimiliano and Matteo for it's great effort to have this document translated. You can download this version in PDF or Word
Checklist ver 1.17 in Spanish Mon Apr 04 15:37:24 EDT 2005 I'm glad to announce we have released OWASP Pen Test Checklist ver 1.17 in Spanish.Thanks to Pedro, Raul and Rogelio for it's great effort to have this document translated and to Christian by helping out with technical edition. You can download this version PDF or Word
Related
Online Checklist Report Generator is found at yehg.
THE OWASP Testing Project Live CD
The OWASP testing project is currently implementing an Application security Live CD.
LabRat Version 0.8 Alpha is just weeks away from Beta testing*.
The aim of this CD is to have a complete testing suite on one Disk. The CD shall also contain the forthcoming OWASP Testing guide.
The Live CD now has its own section you can find it here: [1]
Feedback and Participation
We hope you find the information in the OWASP Testing project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP Testing mailing list. Thanks!
To join the OWASP Testing mailing list or view the archives, please visit the subscription page.
Articles in category "OWASP Testing Project"
There are 109 articles in this category.
Media in category "OWASP Testing Project"
There is one file in this category.
 |
