Difference between revisions of "OWASP Testing Guide v3 Startup"
(New page: == Planning the new OWASP Testing Guide v3 == '''3rd October 2007: Startup v3''' <br> The OWASP Testing Guide v2 was a great success, with thousand download and many many Companies that h...) |
|||
| Line 14: | Line 14: | ||
* Web Services Testing | * Web Services Testing | ||
* AJAX Testing | * AJAX Testing | ||
| + | |||
| + | |||
| + | == Information Gathering == | ||
| + | v2: <br> | ||
| + | Application Fingerprint <br> | ||
| + | Application Discovery <br> | ||
| + | Spidering and googling <br> | ||
| + | Collection of error code <br> | ||
| + | SSL/TLS Testing<br> | ||
| + | DB Listener Testing<br> | ||
| + | File extensions handling<br> | ||
| + | Old, backup and unreferenced files <br> | ||
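Review bot: the eight v2 items added under "== Information Gathering ==" are separated with trailing <br> tags, while the sub-category list just above ("* Web Services Testing", "* AJAX Testing") uses "*" bullets. Suggest writing the new items as "*" bullets as well, so that both lists render the same way. The spacing before <br> is also inconsistent ("SSL/TLS Testing<br>" against "Application Discovery <br>"). The two empty added lines before the heading can be reduced to one.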
Revision as of 16:04, 3 October 2007
Planning the new OWASP Testing Guide v3
3rd October 2007: Startup v3
The OWASP Testing Guide v2 was a great success, with thousands of downloads and many companies that have adopted it as a standard for Web Application Penetration Testing.
Now we would like to begin a new project that is based on v2 but improves and completes it.
In the OWASP Testing Guide v2 we split the set of tests into 8 sub-categories:
- Information Gathering
- Business logic testing
- Authentication Testing
- Session Management Testing
- Data Validation Testing
- Denial of Service Testing
- Web Services Testing
- AJAX Testing
Information Gathering
v2:
Application Fingerprint
Application Discovery
Spidering and googling
Collection of error code
SSL/TLS Testing
DB Listener Testing
File extensions handling
Old, backup and unreferenced files