Testing Guide Frontispiece

Welcome to the OWASP Testing Guide 4.0
“Open and collaborative knowledge: that is the OWASP way.” With V4 we realized a new guide that will be the standard de-facto guide to perform Web Application Penetration Testing. -- Matteo Meucci

OWASP thanks the many authors, reviewers, and editors for their hard work in bringing this guide to where it is today. If you have any comments or suggestions on the Testing Guide, please e-mail the Testing Guide mail list:

http://lists.owasp.org/mailman/listinfo/owasp-testing

Or drop an e-mail to the project leaders: [mailto:andrew.muller@owasp.org Andrew Muller] [mailto:matteo.meucci@owasp.org Matteo Meucci]

Version 4.0
The OWASP Testing Guide version 4 improves on version 3 and creates new sections and controls.

This new version has added the following chapters: - Identity Management Testing - Error Handling - Cryptography - Client Side Testing

All the other chapters have been improved and there are now 87 controls (64 controls in v3).

Copyright and License
Copyright (c) 2014 The OWASP Foundation.

This document is released under the Creative Commons 2.5 License. Please read and understand the license and copyright conditions.

Revision History
The Testing Guide v4 will be released in 2014. The Testing guide originated in 2003 with Dan Cuthbert as one of the original editors. It was handed over to Eoin Keary in 2005 and transformed into a wiki. Matteo Meucci has taken on the Testing guide and is now the lead of the OWASP Testing Guide Project. From 2012 Andrew Muller co-leadership the project with Matteo Meucci.


 * 2014
 * "OWASP Testing Guide", Version 4.0


 * 15th September, 2008
 * "OWASP Testing Guide", Version 3.0


 * December 25, 2006
 * "OWASP Testing Guide", Version 2.0


 * July 14, 2004
 * "OWASP Web Application Penetration Checklist", Version 1.1


 * December 2004
 * "The OWASP Testing Guide", Version 1.0

Editors
Andrew Muller: OWASP Testing Guide Lead since 2013.

Matteo Meucci: OWASP Testing Guide Lead since 2007. 

Eoin Keary: OWASP Testing Guide 2005-2007 Lead.

Daniel Cuthbert: OWASP Testing Guide 2003-2005 Lead.

v4 Authors
TODO

Trademarks

 * Java, Java Web Server, and JSP are registered trademarks of Sun Microsystems, Inc.
 * Merriam-Webster is a trademark of Merriam-Webster, Inc.
 * Microsoft is a registered trademark of Microsoft Corporation.
 * Octave is a service mark of Carnegie Mellon University.
 * VeriSign and Thawte are registered trademarks of VeriSign, Inc.
 * Visa is a registered trademark of VISA USA.
 * OWASP is a registered trademark of the OWASP Foundation

All other products and company names may be trademarks of their respective owners. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark.