OWASP Testing Guide v3 Table of Contents

26th April 2008 This is the draft of table of content of the New Testing Guide. You can download the stable version or read it on line here

The new OWASP testing Guidev3: This analyze the OWASP Testing Guide v2 checklist and a plan for create the new v3.


 * 1) Authorization testing missing. (new category)
 * 2) Information gathering is not a vulnerability  not in report  Passive mode
 * 3) Business logic testing  not in report  Passive mode
 * 4) Infrastructural test  (new category)
 * 5) Web Services section needs improvement
 * 6) AJAX Testing section needs improvement
 * 7) Testing Methodology section updates (requirements, plans, levels and environments)
 * 8) New category: Client side Testing

Proposed new category for the OTG v3:
 * Passive Mode
 * Information Gathering
 * Business logic testing
 * Web Application Penetration Testing
 * Infrastructural testing
 * Authentication Testing
 * Authorization Testing (new)
 * Session Management Testing
 * Data Validation Testing
 * Denial of Service Testing
 * Web Services Testing
 * Client-Side Testing
 * AJAX Testing
 * Flash Testing (new)
 * RIA stuff (new)