
Category talk:OWASP Testing Project



Hi all. I've been having a look at the OWASP guide pages and contents, and I have doubts because of typos or perhaps facts that are not completely well explained. In Dinis Cruz's first announcement mail you can read:

The current plan is to create a 'published' version of this guide on the 10th of February which will be sent as a book to all OWASP members

But on the page linked from that same email, which points to the reviewing guidelines, I found dates different from those in the email message. At first I read in the timelines section

# 11th January 2007: Review process begins
# 11th January 2007: Review process ends

I am almost completely sure that this is wrong, and so I edited the page to put February the 11th as the end of the reviewing process. But it still does not match the date the email gives. Could you please address this issue? Thank you very much.

I am sending a copy of this message both to the wiki discussion page and by email to those responsible for the guide.

Version 2 vs Version 1

I was recently reviewing the version 2 testing guide, and I was wondering if this is meant to complement the older version 1 checklists/docs or replace them?

Looking at the reporting table in v2 (pgs 258 to 261) for example, does "OWASP-AT-001 : Default or guessable account" replace the older "OWASP-AUTHN-004 : Default Accounts"?

I'm guessing that v2 replaces the older stuff since there seems to be a lot of overlap, but I wanted to confirm. Kingthorin 14:53, 22 February 2008 (EST)

Answer can be found here: Kingthorin 10:39, 5 March 2008 (EST)