Difference between revisions of "Testing Guide Frontispiece"
(→v4 Authors) |
|||
(5 intermediate revisions by 3 users not shown) | |||
Line 3: | Line 3: | ||
==Welcome to the OWASP Testing Guide 4.0== | ==Welcome to the OWASP Testing Guide 4.0== | ||
− | “Open and collaborative knowledge: | + | “Open and collaborative knowledge: that is the OWASP way.”<br> |
+ | With V4 we realized a new guide that will be the standard de-facto guide to perform Web Application Penetration Testing. | ||
-- [[User:Mmeucci|Matteo Meucci]]<br> | -- [[User:Mmeucci|Matteo Meucci]]<br> | ||
+ | |||
OWASP thanks the many authors, reviewers, and editors for their hard work in bringing this guide to where it is today. If you have any comments or suggestions on the Testing Guide, please e-mail the Testing Guide mail list: | OWASP thanks the many authors, reviewers, and editors for their hard work in bringing this guide to where it is today. If you have any comments or suggestions on the Testing Guide, please e-mail the Testing Guide mail list: | ||
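Review bot: The added sentence "With V4 we realized a new guide ..." has no trailing `<br>`, while the quote line above it now ends with one, so the signature line "-- Matteo Meucci" will run on directly after it; end the new sentence with `<br>` as well. The wording "the standard de-facto guide" would also read better as "the de facto standard guide".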
Line 13: | Line 15: | ||
[mailto:[email protected] Andrew Muller] | [mailto:[email protected] Andrew Muller] | ||
[mailto:[email protected] Matteo Meucci] | [mailto:[email protected] Matteo Meucci] | ||
+ | |||
==Version 4.0== | ==Version 4.0== | ||
− | The OWASP Testing Guide | + | The OWASP Testing Guide version 4 improves on version 3 in three ways: |
+ | |||
+ | |||
+ | 1. This version of the Testing Guide integrates with the two other flagship OWASP documentation products: the Developers Guide and the Code Review Guide. To achieve this we aligned the testing categories and test numbering with those in other OWASP products. The aim of the Testing and Code Review Guides is to evaluate the security controls described by the Developers Guide. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | All | + | 2. All chapters have been improved and test cases expanded to 87 (64 test cases in v3) including the introduction of four new chapters and controls: <br> |
+ | - Identity Management Testing <br> | ||
+ | - Error Handling <br> | ||
+ | - Cryptography <br> | ||
+ | - Client Side Testing <br> | ||
+ | |||
+ | |||
+ | 3. This version of the Testing Guide encourages the community not to simply accept the test cases outlined in this guide. We encourage security testers to integrate with other software testers and devise test cases specific to the target application. As we find test cases that have wider applicability we encourage the security testing community to share them and contribute them to the Testing Guide. This will continue to build the application security body of knowledge and allow the development of the Testing Guide to be an iterative rather than monolithic process. | ||
+ | |||
==Copyright and License== | ==Copyright and License== | ||
− | Copyright (c) | + | Copyright (c) 2014 The OWASP Foundation. |
This document is released under the [http://creativecommons.org/licenses/by-sa/2.5/ Creative Commons 2.5 License]. Please read and understand the license and copyright conditions. | This document is released under the [http://creativecommons.org/licenses/by-sa/2.5/ Creative Commons 2.5 License]. Please read and understand the license and copyright conditions. | ||
+ | |||
==Revision History == | ==Revision History == | ||
− | The Testing Guide v4 will be released | + | The Testing Guide v4 will be released in 2014. The Testing guide originated in 2003 with Dan Cuthbert as one of the original editors. It was handed over to Eoin Keary in 2005 and transformed into a wiki. Matteo Meucci has taken on the Testing guide and is now the lead of the OWASP Testing Guide Project. From 2012 Andrew Muller co-leadership the project with Matteo Meucci. |
; 2014 | ; 2014 | ||
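Review bot: In the Revision History paragraph the new closing sentence "From 2012 Andrew Muller co-leadership the project with Matteo Meucci" is ungrammatical; suggest "Since 2012 Andrew Muller has co-led the project with Matteo Meucci." In the same paragraph "will be released in 2014" sits directly above a "; 2014" history entry, so the tense should be updated once the release is out. In item 2 of the Version 4.0 section, the four new chapters are written as "- ... <br>" lines; wiki list markup ("*"), as used for the author lists, would render them as a proper list.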
Line 50: | Line 60: | ||
; December 2004 | ; December 2004 | ||
: "The OWASP Testing Guide", Version 1.0 | : "The OWASP Testing Guide", Version 1.0 | ||
+ | |||
== Editors == | == Editors == | ||
Line 60: | Line 71: | ||
'''Daniel Cuthbert''': OWASP Testing Guide 2003-2005 Lead. | '''Daniel Cuthbert''': OWASP Testing Guide 2003-2005 Lead. | ||
+ | |||
== v4 Authors == | == v4 Authors == | ||
− | + | {| border="0" | |
+ | | valign="top" | | ||
+ | * Matteo Meucci | ||
+ | * Pavol Luptak | ||
+ | * Marco Morana | ||
+ | * Giorgio Fedon | ||
+ | * Stefano Di Paola | ||
+ | * Gianrico Ingrosso | ||
+ | * Giuseppe Bonfà | ||
+ | * Andrew Muller | ||
+ | * Robert Winkel | ||
+ | * Roberto Suggi Liverani | ||
+ | * Robert Smith | ||
+ | * Tripurari Rai | ||
+ | * Thomas Ryan | ||
+ | * Tim Bertels | ||
+ | | valign="top" | | ||
+ | * Cecil Su | ||
+ | * Aung KhAnt | ||
+ | * Norbert Szetei | ||
+ | * Michael Boman | ||
+ | * Wagner Elias | ||
+ | * Kevin Horvat | ||
+ | * Tom Brennan | ||
+ | * Juan Galiana Lara | ||
+ | * Sumit Siddharth | ||
+ | * Mike Hryekewicz | ||
+ | * Simon Bennetts | ||
+ | * Ray Schippers | ||
+ | * Raul Siles | ||
+ | * Jayanta Karmakar | ||
+ | | valign="top" | | ||
+ | * Brad Causey | ||
+ | * Vicente Aguilera | ||
+ | * Ismael Gonçalves | ||
+ | * David Fern | ||
+ | * Tom Eston | ||
+ | * Kevin Horvath | ||
+ | * Rick Mitchell | ||
+ | * Eduardo Castellanos | ||
+ | * Simone Onofri | ||
+ | * Harword Sheen | ||
+ | * Amro AlOlaqi | ||
+ | * Suhas Desai | ||
+ | * Tony Hsu Hsiang Chih | ||
+ | * Ryan Dewhurst | ||
+ | * Zaki Akhmad | ||
+ | | valign="top" | | ||
+ | * Davide Danelon | ||
+ | * Alexander Antukh | ||
+ | * Thomas Kalamaris | ||
+ | * Alexander Vavousis | ||
+ | * Clerkendweller | ||
+ | * Christian Heinrich | ||
+ | * Babu Arokiadas | ||
+ | * Rob Barnes | ||
+ | * Ben Walther | ||
+ | |||
+ | |} | ||
+ | |||
+ | == v4 Reviewers == | ||
+ | |||
+ | {| border="0" | ||
+ | | valign="top" | | ||
+ | * Davide Danelon | ||
+ | * Andrea Rosignoli | ||
+ | * Irene Abezgauz | ||
+ | * Lode Vanstechelman | ||
+ | * Sebastien Gioria | ||
+ | * Yiannis Pavlosoglou | ||
+ | * Aditya Balapure | ||
+ | |} | ||
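Review bot: In the new v4 Authors table, "Kevin Horvat" (second column) and "Kevin Horvath" (third column) look like the same person entered twice with two spellings; confirm the spelling and keep one entry. The last author column also ends with an empty line before "|}", which can be dropped.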
Line 97: | Line 180: | ||
* Andrew Van der Stock | * Andrew Van der Stock | ||
|} | |} | ||
+ | |||
== v3 Reviewers == | == v3 Reviewers == | ||
Line 110: | Line 194: | ||
* Rick Mitchell | * Rick Mitchell | ||
|} | |} | ||
+ | |||
== v2 Authors == | == v2 Authors == | ||
Line 159: | Line 244: | ||
* Tushar Vartak | * Tushar Vartak | ||
|} | |} | ||
+ | |||
== v2 Reviewers == | == v2 Reviewers == | ||
Line 194: | Line 280: | ||
* Dave Wichers | * Dave Wichers | ||
|} | |} | ||
+ | |||
==Trademarks== | ==Trademarks== | ||
Line 204: | Line 291: | ||
* Visa is a registered trademark of VISA USA. | * Visa is a registered trademark of VISA USA. | ||
* OWASP is a registered trademark of the OWASP Foundation | * OWASP is a registered trademark of the OWASP Foundation | ||
+ | |||
All other products and company names may be trademarks of their respective owners. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark. | All other products and company names may be trademarks of their respective owners. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark. |
Latest revision as of 01:12, 2 April 2016
This article is part of the new OWASP Testing Guide v4.
Welcome to the OWASP Testing Guide 4.0
“Open and collaborative knowledge: that is the OWASP way.”
With V4 we realized a new guide that will be the standard de-facto guide to perform Web Application Penetration Testing.
-- Matteo Meucci
OWASP thanks the many authors, reviewers, and editors for their hard work in bringing this guide to where it is today. If you have any comments or suggestions on the Testing Guide, please e-mail the Testing Guide mail list:
http://lists.owasp.org/mailman/listinfo/owasp-testing
Or drop an e-mail to the project leaders: Andrew Muller, Matteo Meucci
Version 4.0
The OWASP Testing Guide version 4 improves on version 3 in three ways:
1. This version of the Testing Guide integrates with the two other flagship OWASP documentation products: the Developers Guide and the Code Review Guide. To achieve this we aligned the testing categories and test numbering with those in other OWASP products. The aim of the Testing and Code Review Guides is to evaluate the security controls described by the Developers Guide.
2. All chapters have been improved and test cases expanded to 87 (64 test cases in v3) including the introduction of four new chapters and controls:
- Identity Management Testing
- Error Handling
- Cryptography
- Client Side Testing
3. This version of the Testing Guide encourages the community not to simply accept the test cases outlined in this guide. We encourage security testers to integrate with other software testers and devise test cases specific to the target application. As we find test cases that have wider applicability we encourage the security testing community to share them and contribute them to the Testing Guide. This will continue to build the application security body of knowledge and allow the development of the Testing Guide to be an iterative rather than monolithic process.
Copyright and License
Copyright (c) 2014 The OWASP Foundation.
This document is released under the Creative Commons 2.5 License. Please read and understand the license and copyright conditions.
Revision History
The Testing Guide v4 will be released in 2014. The Testing Guide originated in 2003 with Dan Cuthbert as one of the original editors. It was handed over to Eoin Keary in 2005 and transformed into a wiki. Matteo Meucci has taken on the Testing Guide and is now the lead of the OWASP Testing Guide Project. Since 2012 Andrew Muller has co-led the project with Matteo Meucci.
- 2014: "OWASP Testing Guide", Version 4.0
- 15th September, 2008: "OWASP Testing Guide", Version 3.0
- December 25, 2006: "OWASP Testing Guide", Version 2.0
- July 14, 2004: "OWASP Web Application Penetration Checklist", Version 1.1
- December 2004: "The OWASP Testing Guide", Version 1.0
Editors
Andrew Muller: OWASP Testing Guide Lead since 2013.
Matteo Meucci: OWASP Testing Guide Lead since 2007.
Eoin Keary: OWASP Testing Guide 2005-2007 Lead.
Daniel Cuthbert: OWASP Testing Guide 2003-2005 Lead.
v4 Authors
v4 Reviewers
v3 Authors
v3 Reviewers
v2 Authors
v2 Reviewers
Trademarks
- Java, Java Web Server, and JSP are registered trademarks of Sun Microsystems, Inc.
- Merriam-Webster is a trademark of Merriam-Webster, Inc.
- Microsoft is a registered trademark of Microsoft Corporation.
- Octave is a service mark of Carnegie Mellon University.
- VeriSign and Thawte are registered trademarks of VeriSign, Inc.
- Visa is a registered trademark of VISA USA.
- OWASP is a registered trademark of the OWASP Foundation.
All other products and company names may be trademarks of their respective owners. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark.