02.23.07

OWASP Testing Guide Released

Posted in IT, Security at 1:25 pm by Tyler Reguly

I know I'm a little slow and by now most of you are probably aware of this... I got the email three days ago and put it to the side (I was out of town for two of them)... Anyways I'm writing about it now.

OWASP has released a new guide which is best described in the release email:

The OWASP Testing Guide includes a "best practice" penetration testing
framework which users can implement in their own organizations and a
"low level" penetration testing guide that describes techniques for
testing most common web application and web service security issues.

It can be downloaded in both PDF and DOC format, and it can also be viewed on the OWASP website.

OWASP is currently looking for assistance with this "272-page, high-quality document, with 46 controls divided into 8 categories".

Some of the help they are looking for:

*** Continuously Improve the Guide.
The Guide is a "live" document: we always need your feedback! Please
join our testing mailing list and share your ideas with us. The next
step is to begin working on the new version: one area that will be
improved is client-side testing.
http://lists.owasp.org/mailman/listinfo/owasp-testing

*** Promote the Testing Guide
We would like to have some more media coverage of the guide, so
please, if you know somebody in the media, put them in touch. If you have
the chance, you can write an article about the Testing Guide and the
new OWASP Projects. You can also pick up the OWASP Testing Guide
presentation and talk about it at local conferences and Chapter
meetings.
http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_Presentation.zip

*** Translate the Guide into your Local Language
If you'd like to translate the Testing Guide into your local language,
please contact us.

*** Add 'Quotes' to the Guide.
If you've used the guide and can share your experience, we'd love to
hear from you. You can add your quote to the OWASP wiki here:
http://www.owasp.org/index.php/Testing_Guide_Quotes

I will provide additional thoughts and feedback when I've had time to fully read and digest the document.