This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Testing Guide v3 Table of Contents"
From OWASP
| Line 8: | Line 8: | ||
<br>This [http://www.owasp.org/index.php/Image:Planning_OTGv3.doc document] analyze the OWASP Testing Guide v2 checklist and a plan for create the new v3. | <br>This [http://www.owasp.org/index.php/Image:Planning_OTGv3.doc document] analyze the OWASP Testing Guide v2 checklist and a plan for create the new v3. | ||
| − | + | * 1) Methodical Testing (new category) | |
| − | * | + | * 2) Authorization testing missing. (new category) |
| − | * | + | * 3) Information gathering is not a vulnerability not in report Passive mode |
| − | * | + | * 4) Business logic testing not in report Passive mode |
| − | * | + | * 5) Infrastructural test (new category) |
| − | * | + | * 6) Web Services section needs improvement |
| − | * | + | * 7) AJAX Testing section needs improvement |
| − | * | + | * 8) Testing Methodology section updates (requirements, plans, levels and environments) |
| − | * | + | * 9) New category: Client side Testing |
Proposed new categories for the OTG v3: | Proposed new categories for the OTG v3: | ||
| Line 38: | Line 38: | ||
*** Flash Testing (new) | *** Flash Testing (new) | ||
*** RIA stuff (new) | *** RIA stuff (new) | ||
| − | + | * Assessing Financial Applications (new) | |
| + | ** Regulatory requirements: What to take into consideration | ||
| + | ** Information gathering | ||
| + | ** Assessment tricks and tips | ||
[[Category:OWASP Testing Project]] | [[Category:OWASP Testing Project]] | ||
Revision as of 15:27, 3 May 2008
26th April 2008
This is the draft of table of content of the New Testing Guide.
You can download the stable version here or read it on line here
The new OWASP testing Guidev3:
This document analyze the OWASP Testing Guide v2 checklist and a plan for create the new v3.
- 1) Methodical Testing (new category)
- 2) Authorization testing missing. (new category)
- 3) Information gathering is not a vulnerability not in report Passive mode
- 4) Business logic testing not in report Passive mode
- 5) Infrastructural test (new category)
- 6) Web Services section needs improvement
- 7) AJAX Testing section needs improvement
- 8) Testing Methodology section updates (requirements, plans, levels and environments)
- 9) New category: Client side Testing
Proposed new categories for the OTG v3:
- OTG Form Templates
- OTG Request for Quote (RFQ) (new)
- OTG 3rd Party Assessment Authorization Form (new)
- OTG Sample Report (new)
- Passive Mode
- Information Gathering
- Business logic testing
- Web Application Penetration Testing
- Infrastructural testing
- Authentication Testing
- Authorization Testing (new)
- Session Management Testing
- Data Validation Testing
- Denial of Service Testing
- Web Services Testing
- Client-Side Testing
- AJAX Testing
- Flash Testing (new)
- RIA stuff (new)
- Assessing Financial Applications (new)
- Regulatory requirements: What to take into consideration
- Information gathering
- Assessment tricks and tips
