This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:OWASP Testing Project"
(→Contributors) |
(→Volunteers needed) |
||
Line 39: | Line 39: | ||
==Volunteers needed== | ==Volunteers needed== | ||
− | + | Contact Matteo if you want to get involved in the AoC project, via the testing mail list. | |
− | |||
− | Work is underway on the | + | Work is underway on the Autumn of Code phase of the testing guide, and we would love to hear from volunteers who could offer their knowledge in creating this phase. |
− | + | If you have knowledge and experience in application testing, and can spare a few hours a week, please do get in [mailto:eoin.keary@owasp.org touch] | |
− | If | ||
− | |||
− | |||
==Testing Project Phase Two Guide(Current) == | ==Testing Project Phase Two Guide(Current) == |
Revision as of 12:50, 11 October 2006
News
The OWASP Testing Guide is now undergoing an overhaul as part of the OWASP Autumn of Code. This project shall be lead by technical lead Matteo Meucci.
The first Draft of the new Testing Guide 2.0 is available below.
Plese referer to AoC Testing Guide for the new updated project.
This new revised version shall be complete by the 31/12/2006. It shall be a defacto web application security assessment guide.
Overview
This projects goal is to create a "best practices" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes how to find certain issues.
Contributors
The technical lead for the Autumn of Code testing guide re-development is Matteo Meucci.
Currently there are many people helping out when they can. The Project lead is Eoin Keary. There are still lots of areas to be covered. To contribute please email Eoin
Varun Uppal, Dan Cuthbert, Jeff Williams, Larry Shields, Josh Perrymon (Live CD), Weilin Zhong, Ralph M. Los, Glyn Geoghegan, Javier Fernandez-Sanguino, Mauro Bregolin, Alberto Revelli, Matteo Meucci, Syed Mohamed, Harinath Pudipeddi...........
Volunteers needed
Contact Matteo if you want to get involved in the AoC project, via the testing mail list.
Work is underway on the Autumn of Code phase of the testing guide, and we would love to hear from volunteers who could offer their knowledge in creating this phase.
If you have knowledge and experience in application testing, and can spare a few hours a week, please do get in touch
Testing Project Phase Two Guide(Current)
This is the working (current) draft of the OWASP Testing Guide. Please login to make changes as you see fit. Changes will be vetted by the OWASP Testing Project team.
OWASP Testing Project Phase Two Guide Table of Contents
OWASP Testing Guide v2 Table of Contents
Testing Guide Download
This is a copy of the old guide: OWASP Testing Guide
The new guide is more extensive and in wiki format: OWASP_Testing_Guide_Table_of_Contents
Downloads and Materials
You can download project releases from the OWASP download center.
THE OWASP Testing Project Live CD
The OWASP testing project is currently implementing an Application security Live CD.
LabRat Version 0.8 Alpha is just weeks away from Beta testing*.
The aim of this CD is to have a complete testing suite on one Disk. The CD shall also contain the forthcoming OWASP Testing guide.
The Live CD now has its own section you can find it here: [1]
Newest Release
December 13, 2004 - Phase One Released We are glad to announce that The OWASP Testing Project Phase One has finally been released. This covers the processes involved in testing web applications:
- The scope of what to test
- Principles of testing
- Testing techniques explained
- The OWASP testing framework explained.
This document is designed to help organizations understand what comprises a testing program, and to help them identify the steps that they need to undertake to build and operate that testing program on their web application
You can now download phase one from the OWASP download centre.
Roadmap
View the OWASP Testing Project Roadmap
News
OWASP Pen Test Checklist in Italian Sun May 22 10:56:39 EDT 2005 I'm glad to announce we have released OWASP Pen Test Checklist in Italian. Thanks to the Italian Chapter, Massimiliano and Mateo for it's great effort to have this document translated. You can download this verion inPDF or Word
Checklist ver 1.17 in Spanish Mon Apr 04 15:37:24 EDT 2005 I'm glad to announce we have released OWASP Pen Test Checklist ver 1.17 in Spanish.Thanks to Pedro, Raul and Rogelio for it's great effort to have this document translated and to Christian by helping out with technical edition. You can download this verion PDF or Word
Project Contributors
Contributors
Feedback and Participation
We hope you find the information in the OWASP Testing project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP Testing mailing list. Thanks!
To join the OWASP Testing mailing list or view the archives, please visit the subscription page.
Pages in category "OWASP Testing Project"
The following 45 pages are in this category, out of 245 total.
(previous page) (next page)T
- Testing for Weak or unenforced username policy (OTG-IDENT-005)
- Testing for weak password change or reset functionalities (OTG-AUTHN-009)
- Testing for Weak password policy (OTG-AUTHN-007)
- Testing for Weak security question/answer (OTG-AUTHN-008)
- Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection (OTG-CRYPST-001)
- Testing for Weaker authentication in alternative channel (OTG-AUTHN-010)
- Testing for Web Application Fingerprint (OWASP-IG-004)
- Testing for Web Server Fingerprint (OWASP-IG-010)
- Testing for Web Services
- Testing for Writing User Provided Data to Disk (OWASP-DS-006)
- Testing for WS HTTP GET parameters/REST attacks (OWASP-WS-005)
- Testing for WS Replay (OWASP-WS-007)
- Testing for XML Content-Level (OWASP-WS-004)
- Testing for XML Injection (OTG-INPVAL-008)
- Testing for XML Structural (OWASP-WS-003)
- Testing for XPath Injection (OTG-INPVAL-010)
- Testing fot Privilege escalation
- Testing Guide Foreword
- Testing Guide Frontispiece
- Testing Guide Introduction
- Testing Guide Quotes
- Testing Identity Management
- Testing Information Gathering
- Testing Multiple Factors Authentication (OWASP-AT-009)
- Testing WebSockets (OTG-CLIENT-010)
- Testing WSDL (OWASP-WS-002)
- Testing: Information Gathering
- Testing: Introduction and objectives
- Testing: Spidering and googling
- Testing: WS Information Gathering (OWASP-WS-001)
- The OWASP Testing Framework
W
- Weak XML Structure Testing (OWASP-WS-005)
- Web Application Penetration Testing
- Web Service (XML Interpreter)
- Webscarab XSS-CRLF plugin
- Writing Reports: value the real risk
- WS Authentication Testing (OWASP-WS-003)
- WS BEPL Testing (OWASP-WS-010)
- WS HTTP GET Parameters/REST Testing (OWASP-WS-007)
- WS Information Gathering (OWASP-WS-002)
- WS Management Interface Testing (OWASP-WS-004)
- WS Naughty SOAP Attachment Testing (OWASP-WS-008)
- WS Replay/MiTM Testing (OWASP-WS-009)
Media in category "OWASP Testing Project"
This category contains only the following file.