This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Testing Guide v3 Table of Contents"
From OWASP
| Line 5: | Line 5: | ||
You can download the stable version [http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_v2_pdf.zip here] or read it on line [http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents here] | You can download the stable version [http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_v2_pdf.zip here] or read it on line [http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents here] | ||
| − | The new OWASP testing | + | The new OWASP testing Guidev3: |
| − | 1) Authorization testing missing | + | * 1) Authorization testing missing. (new category) |
| − | 2) Information gathering is not a vulnerability not in report Passive mode | + | * 2) Information gathering is not a vulnerability not in report Passive mode |
| − | 3) Business logic testing not in report Passive mode | + | * 3) Business logic testing not in report Passive mode |
| − | 4) Infrastructural test (new | + | * 4) Infrastructural test (new category) |
| − | 5) Web Services section needs improvement | + | * 5) Web Services section needs improvement |
| − | 6) AJAX Testing section needs improvement | + | * 6) AJAX Testing section needs improvement |
| − | 7) New category: Client side Testing | + | * 7) New category: Client side Testing |
| + | |||
Proposed new category for the OTG v3: | Proposed new category for the OTG v3: | ||
* Passive Mode | * Passive Mode | ||
| Line 18: | Line 19: | ||
* Business logic testing | * Business logic testing | ||
* Web Application Penetration Testing | * Web Application Penetration Testing | ||
| − | Infrastructural testing | + | * Infrastructural testing |
| − | Authentication Testing | + | * Authentication Testing |
| − | Authorization Testing | + | * Authorization Testing (new) |
| − | Session Management Testing | + | * Session Management Testing |
| − | Data Validation Testing | + | * Data Validation Testing |
| − | Denial of Service Testing | + | * Denial of Service Testing |
| − | Web Services Testing | + | * Web Services Testing |
| − | Client-Side Testing | + | * Client-Side Testing |
| − | AJAX Testing | + | * AJAX Testing |
| − | Flash Testing | + | * Flash Testing (new) |
[[Category:OWASP Testing Project]] | [[Category:OWASP Testing Project]] | ||
Revision as of 13:52, 26 April 2008
26th April 2008
This is the draft of table of content of the New Testing Guide.
You can download the stable version here or read it on line here
The new OWASP testing Guidev3:
- 1) Authorization testing missing. (new category)
- 2) Information gathering is not a vulnerability not in report Passive mode
- 3) Business logic testing not in report Passive mode
- 4) Infrastructural test (new category)
- 5) Web Services section needs improvement
- 6) AJAX Testing section needs improvement
- 7) New category: Client side Testing
Proposed new category for the OTG v3:
- Passive Mode
- Information Gathering
- Business logic testing
- Web Application Penetration Testing
- Infrastructural testing
- Authentication Testing
- Authorization Testing (new)
- Session Management Testing
- Data Validation Testing
- Denial of Service Testing
- Web Services Testing
- Client-Side Testing
- AJAX Testing
- Flash Testing (new)
