Difference between revisions of "OWASP Testing Guide v3 Startup"

From OWASP
(New page: == Planning the new OWASP Testing Guide v3 == '''3rd October 2007: Startup v3''' <br> The OWASP Testing Guide v2 was a great success, with thousand download and many many Companies that h...)
 
Line 14: Line 14:
 
* Web Services Testing  
 
* Web Services Testing  
 
* AJAX Testing
 
* AJAX Testing
 +
 +
 +
== Information Gathering ==
 +
v2: <br>
 +
Application Fingerprint <br>
 +
Application Discovery <br>
 +
Spidering and googling <br>
 +
Collection  of error code <br>
 +
SSL/TLS Testing<br>
 +
DB Listener Testing<br>
 +
File extensions handling<br>
 +
Old, backup and unreferenced files <br>
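
Review bot: The entries under the new "Information Gathering" heading are separated with `<br>`, while the category list directly above uses `*` bullets; turning the v2 test names into a bullet list under "v2:" would keep the page consistent and make the list easier to extend. The added line "Collection  of error code" also contains a doubled space.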

Revision as of 11:04, 3 October 2007

Planning the new OWASP Testing Guide v3

3rd October 2007: Startup v3
The OWASP Testing Guide v2 was a great success, with thousands of downloads and many companies that have adopted it as a standard for Web Application Penetration Testing.
Now we would like to begin a new project that is based on v2 but improves and completes it.

In the OWASP Testing Guide v2 we split the set of tests into 8 sub-categories:

  • Information Gathering
  • Business logic testing
  • Authentication Testing
  • Session Management Testing
  • Data Validation Testing
  • Denial of Service Testing
  • Web Services Testing
  • AJAX Testing


Information Gathering

v2:
Application Fingerprint
Application Discovery
Spidering and googling
Collection of error code
SSL/TLS Testing
DB Listener Testing
File extensions handling
Old, backup and unreferenced files