This project’s goal is to create a “best practices” web application penetration testing framework which users can implement in their own organizations and a “low level” web application penetration testing guide that describes how to find certain issues.
Version 3 of the Testing Guide was released last month, in December 2008. The project was part of the OWASP Summer of Code and started in April 2008 by reviewing version 2 and improving it.
OWASP Testing Guide v3 is a 349-page book; they have split the set of active tests into 9 sub-categories, for a total of 66 controls to test during the Web Application Testing activity.
Each control has an OWASP name, so for example SQL Injection is called OWASP-DV-005, meaning that it is the 5th control of the Data Validation category. They assembled a dream team of 21 authors and 4 reviewers, and after 6 months of hard work and great teamwork v3 was realized.
The Guide is a “live” document: the project always needs your feedback! Please join the testing mailing list and share your ideas here.
You can download OWASP Testing Guide v3 here:
Or read more here.