Difference between revisions of "OWASP Testing Project"

From OWASP
Jump to: navigation, search
m (Add 'OWASP Breakers' template tag)
 
(2 intermediate revisions by one user not shown)
Line 1: Line 1:
{{OWASP Book|5691953}}  
+
{{OWASP Breakers}}
==== Main  ====
+
{{OWASP Book|5691953}}
 
{{Social Media Links}}
 
{{Social Media Links}}
  
== Welcome to the new OWASP Testing Guide  ==
+
= New OWASP Testing Guide  =
  
=== OWASP Testing Guide v4  ===
+
== OWASP Testing Guide v4  ==
  
 
We are writing the new guide!<br>
 
We are writing the new guide!<br>
Line 12: Line 12:
 
[http://www.owasp.org/images/b/b2/OWASP_Testing_Guide_-_OWASP_Summit_2011.pdf | Roadmap has been defined at the OWASP Summit 2011. Here you can see the last presentation we did].
 
[http://www.owasp.org/images/b/b2/OWASP_Testing_Guide_-_OWASP_Summit_2011.pdf | Roadmap has been defined at the OWASP Summit 2011. Here you can see the last presentation we did].
  
=== OWASP Testing Guide v3  ===
+
= Old OWASP Testing Guides =
 +
 
 +
== OWASP Testing Guide v3  ==
  
 
16th December 2008: OWASP Testing Guide v3 is finished!<br>  
 
16th December 2008: OWASP Testing Guide v3 is finished!<br>  
Line 31: Line 33:
 
http://www.owasp.org/index.php/Testing_Guide_Quotes
 
http://www.owasp.org/index.php/Testing_Guide_Quotes
  
=== Overview  ===
+
== Overview  ==
  
 
This project's goal is to create a "best practices" web application penetration testing framework which users can implement in their own organizations and a "low level" web application penetration testing guide that describes how to find certain issues.  
 
This project's goal is to create a "best practices" web application penetration testing framework which users can implement in their own organizations and a "low level" web application penetration testing guide that describes how to find certain issues.  
Line 37: Line 39:
 
Version 3 of the Testing Guide was released in December 2008 after going through a major upgrade through the [[OWASP Summer of Code 2008]].  
 
Version 3 of the Testing Guide was released in December 2008 after going through a major upgrade through the [[OWASP Summer of Code 2008]].  
  
=== Background and Motivation  ===
+
= Background and Motivation  =
  
 
'''History Behind Project''' The OWASP Testing guide originated in 2003 with Dan Cuthbert as one of the original editors. It was handed over to [[User:EoinKeary|Eoin Keary]] in 2005 and moved onto the new OWASP wiki when it came online. Being in a wiki is easier for people to contribute and has made updating much easier. [[User:Mmeucci|Matteo Meucci]] took on the Testing guide after Eoin and shepherded it through the version 2 and version 3 updates, which have been significant improvements.  
 
'''History Behind Project''' The OWASP Testing guide originated in 2003 with Dan Cuthbert as one of the original editors. It was handed over to [[User:EoinKeary|Eoin Keary]] in 2005 and moved onto the new OWASP wiki when it came online. Being in a wiki is easier for people to contribute and has made updating much easier. [[User:Mmeucci|Matteo Meucci]] took on the Testing guide after Eoin and shepherded it through the version 2 and version 3 updates, which have been significant improvements.  
  
== Project History  ==
+
= Project History  =
  
=== OWASP Testing Guide v3  ===
+
== OWASP Testing Guide v3  ==
  
 
Testing Guide v3: plan (archive)  
 
Testing Guide v3: plan (archive)  
Line 53: Line 55:
 
Final stable release in December 2008  
 
Final stable release in December 2008  
  
=== OWASP Testing Guide v2  ===
+
== OWASP Testing Guide v2  ==
  
 
'''10th February 2007: The OWASP Testing Guide v2 is now published''' [[User:Mmeucci|Matteo Meucci]] (as part of his [[OWASP Autumn of Code 2006 - Projects: Testing Guide|AoC project]]) has just published the latest version of Testing guide which:  
 
'''10th February 2007: The OWASP Testing Guide v2 is now published''' [[User:Mmeucci|Matteo Meucci]] (as part of his [[OWASP Autumn of Code 2006 - Projects: Testing Guide|AoC project]]) has just published the latest version of Testing guide which:  
Line 69: Line 71:
 
*[http://www.owasp.org/index.php/OWASP_Testing_Guide_Presentations Testing Guide presentations]
 
*[http://www.owasp.org/index.php/OWASP_Testing_Guide_Presentations Testing Guide presentations]
  
<br>
+
= Related  =
 
+
=== The OWASP Testing Guide v2 - Request for Review  ===
+
 
+
'''10th January 2007: The OWASP Testing Guide v2 is now in its final stages''' [[User:Mmeucci|Matteo Meucci]] (as part of his [[OWASP Autumn of Code 2006 - Projects: Testing Guide|AoC project]]) has just published the latest version of Testing guide which:
+
 
+
*you can read it on line on the [http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents Testing Guide v2 wiki - 'Release Candidate 1']
+
*or download the Guide in [http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_v2_RC1_pdf.zip Adobe PDF format] or [http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_v2_RC1_doc.zip Ms Doc format]
+
 
+
'''So what we need now (until 10th of February) is for you to review it.''' Please let us know any mistakes made, and if you feel that there is something missing, please help yourself and edit the relevant WIKI page.
+
 
+
For comments or questions, please use the 'Discussion' pages or email [[User:EoinKeary|Eoin Keary]] or [[User:Mmeucci|Matteo Meucci]] directly.
+
 
+
The current plan is to create a 'published' version of this guide on the 10th of February which will be sent to all OWASP members in book format.
+
 
+
If you want to participate see the [[OWASP Testing Project v2.0 - Review Guidelines]] page for the lastest updates
+
 
+
<br>
+
 
+
=== Old Testing Guide Download  ===
+
 
+
A copy of the old guide (The OWASP Testing Guide v1.1) is available [[http://prdownloads.sourceforge.net/owasp/OWASPWebAppPenTestList1.1.pdf?download here]], it shall also be available in HTML format on the forthcoming OWASP Live CD. A PDF copy shall also be available to download.
+
 
+
'''OWASP Pen Test Checklist in Italian''' Sun May 22 10:56:39 EDT 2005 I'm glad to announce we have released OWASP Pen Test Checklist in Italian. Thanks to the Italian Chapter, Massimiliano and Matteo for it's great effort to have this document translated. You can download this version in [http://www.owasp.org/docroot/owasp/misc/OWASPWebAppPenTestList1.1_ITA.pdf PDF] or [http://www.owasp.org/docroot/owasp/misc/OWASPWebAppPenTestList1.1_ITA.doc Word]
+
 
+
'''Checklist ver 1.17 in Spanish''' Mon Apr 04 15:37:24 EDT 2005 I'm glad to announce we have released OWASP Pen Test Checklist ver 1.17 in Spanish.Thanks to Pedro, Raul and Rogelio for it's great effort to have this document translated and to Christian by helping out with technical edition. You can download this version [http://www.owasp.org/docroot/owasp/misc/testing_spanish.pdf PDF] or [http://www.owasp.org/docroot/owasp/misc/testing_spanish.doc Word]
+
 
+
<br>
+
 
+
=== Related  ===
+
  
 
'''OWASP Testing Guide (v2+v3) Report Generator''' is found at [http://yehg.net/lab/#wasarg http://yehg.net/lab/#wasarg].  
 
'''OWASP Testing Guide (v2+v3) Report Generator''' is found at [http://yehg.net/lab/#wasarg http://yehg.net/lab/#wasarg].  
Line 108: Line 81:
 
The Live CD now has its own section you can find it here: [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project]  
 
The Live CD now has its own section you can find it here: [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project]  
  
== Feedback and Participation  ==
+
= Feedback and Participation  =
  
 
We hope you find the information in the OWASP Testing project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP Testing mailing list. Thanks!  
 
We hope you find the information in the OWASP Testing project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP Testing mailing list. Thanks!  
Line 114: Line 87:
 
To join the OWASP Testing mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-testing subscription page].  
 
To join the OWASP Testing mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-testing subscription page].  
  
==== Translations ====
+
= Translations =
  
 
Thanks to the translators all around the world you can download the guide in the following languages:
 
Thanks to the translators all around the world you can download the guide in the following languages:
Line 124: Line 97:
 
* Japanese in [http://www.owasp.org/images/1/1e/OTGv3Japanese.pdf PDF] format here (this is a 1st draft, final release coming soon).  
 
* Japanese in [http://www.owasp.org/images/1/1e/OTGv3Japanese.pdf PDF] format here (this is a 1st draft, final release coming soon).  
  
 
+
= Project About =
==== Project About ====
+
 
{{:Projects/OWASP Testing Project | Project About}}
 
{{:Projects/OWASP Testing Project | Project About}}
  
__NOTOC__ <headertabs />
+
__NOTOC__  
 +
<headertabs />
 +
 
  
  
 
[[Category:OWASP_Project|Testing Guide]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document|OWASP Stable Quality Document]]
 
[[Category:OWASP_Project|Testing Guide]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document|OWASP Stable Quality Document]]

Latest revision as of 18:00, 17 September 2013

This project is part of the OWASP Breakers community.
Feel free to browse other projects within the Defenders, Builders, and Breakers communities.
OWASP Books logo.png This project has produced a book that can be downloaded or purchased.
Feel free to browse the full catalog of available OWASP books.


[edit]

OWASP Testing Guide v3

16th December 2008: OWASP Testing Guide v3 is finished!

  • You can download the Guide in PDF here
  • Download the presentation here
  • Browse the Testing Guide v3 on the wiki here

'NEW: OWASP projects and resources you can use TODAY'
16th April 2010 in London, OWASP leaders deliver a course focused on the main OWASP Projects.
Matteo Meucci will deliver a training course on the OWASP Testing Guide v3.
More information here

Video @ FOSDEM 09: here

Citations:

http://www.owasp.org/index.php/Testing_Guide_Quotes

Overview

This project's goal is to create a "best practices" web application penetration testing framework which users can implement in their own organizations and a "low level" web application penetration testing guide that describes how to find certain issues.

Version 3 of the Testing Guide was released in December 2008 after going through a major upgrade through the OWASP Summer of Code 2008.

History Behind Project The OWASP Testing guide originated in 2003 with Dan Cuthbert as one of the original editors. It was handed over to Eoin Keary in 2005 and moved onto the new OWASP wiki when it came online. Being in a wiki is easier for people to contribute and has made updating much easier. Matteo Meucci took on the Testing guide after Eoin and shepherded it through the version 2 and version 3 updates, which have been significant improvements.

OWASP Testing Guide v3

Testing Guide v3: plan (archive)

26th April 2008: Version 3 of the Testing Guide started under OWASP Summer of Code 2008.

6th November 2008: Completed draft created and previewed at OWASP EU Summit 2008 in Portugal.

Final stable release in December 2008

OWASP Testing Guide v2

10th February 2007: The OWASP Testing Guide v2 is now published Matteo Meucci (as part of his AoC project) has just published the latest version of Testing guide which:

OWASP Testing Guide v2 in Spanish: Now you can get a complete translation in Ms Doc format

For comments or questions, please join the OWASP Testing mailing list, read our archive and share your ideas. Alternatively you can contact Eoin Keary or Matteo Meucci directly.

Here you can find:

We hope you find the information in the OWASP Testing project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP Testing mailing list. Thanks!

To join the OWASP Testing mailing list or view the archives, please visit the subscription page.

Thanks to the translators all around the world you can download the guide in the following languages:

  • Japanese in PDF format here (this is a 1st draft, final release coming soon).

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Testing Project (home page)
Purpose:
  • The OWASP Testing Guide includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues.
License: Creative Commons Attribution Share Alike 3.0
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Testing Guide V 4.0 - 15th February 2013

The new project is available here - (no download available)

Release description:
  • Review all the control numbers to adhere to the OWASP Common numbering,
  • Review all the sections in v3,
  • Create a more readable guide, eliminating some sections that are not really useful,
  • Insert new testing techniques: HTTP Verb tampering, HTTP Parameter Pollutions, etc.,
  • Rationalize some sections as Session Management Testing,
  • Create a new section: Client side security and Firefox extensions testing.
Rating: Yellow button.JPG Not Reviewed - Assessment Details
last reviewed release
Testing Guide V 3.0 - December 2008 - (download)
Release description: The OWASP Testing Guide v3 is a 349 page book; we have split the set of active tests in 9 sub-categories for a total of 66 controls to test during the Web Application Testing activity.
Rating: Greenlight.pngGreenlight.pngGreenlight.png Stable Release - Assessment Details


other releases