This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Testing Project"

From OWASP

Jump to: navigation, search

Latest revision as of 02:18, 9 February 2017

This project is part of the OWASP Breakers community.
Feel free to browse other projects within the Defenders, Builders, and Breakers communities.

This project has produced a book that can be downloaded or purchased.
Feel free to browse the full catalog of available OWASP books.

Share this:

New OWASP Testing Guide
Old OWASP Testing Guides
Background and Motivation
Project History
Related
Feedback and Participation
Translations
Project About

OWASP Testing Guide v4

ANNOUNCING THE NEW "OWASP TESTING GUIDE v4

17th September, 2014: OWASP is announcing the new OWASP Testing Guide v4.

A big thank you to all the contributors and reviewers!

3rd August 2015, the OWASP Testing Guide v4 book now available!
You can buy the Guide here

Or you can download the Guide here

Or browse the guide on the wiki here

Classifications

OWASP Testing Guide v3

16th December 2008: OWASP Testing Guide v3 is finished!

You can download the Guide in PDF here
Download the presentation here
Browse the Testing Guide v3 on the wiki here

'NEW: OWASP projects and resources you can use TODAY'
16th April 2010 in London, OWASP leaders deliver a course focused on the main OWASP Projects.
Matteo Meucci will deliver a training course on the OWASP Testing Guide v3.
More information here

Video @ FOSDEM 09: here

Citations:

http://www.owasp.org/index.php/Testing_Guide_Quotes

Overview

This project's goal is to create a "best practices" web application penetration testing framework which users can implement in their own organizations and a "low level" web application penetration testing guide that describes how to find certain issues.

Version 3 of the Testing Guide was released in December 2008 after going through a major upgrade through the OWASP Summer of Code 2008.

History Behind Project The OWASP Testing guide originated in 2003 with Dan Cuthbert as one of the original editors. It was handed over to Eoin Keary in 2005 and moved onto the new OWASP wiki when it came online. Being in a wiki is easier for people to contribute and has made updating much easier. Matteo Meucci took on the Testing guide after Eoin and shepherded it through the version 2 and version 3 updates, which have been significant improvements.

OWASP Testing Guide v3

Testing Guide v3: plan (archive)

26th April 2008: Version 3 of the Testing Guide started under OWASP Summer of Code 2008.

6th November 2008: Completed draft created and previewed at OWASP EU Summit 2008 in Portugal.

Final stable release in December 2008

OWASP Testing Guide v2

10th February 2007: The OWASP Testing Guide v2 is now published Matteo Meucci (as part of his AoC project) has just published the latest version of Testing guide which:

you can read it on line on the Testing Guide v2 wiki
or download the Guide in Adobe PDF format or in Ms Doc format

OWASP Testing Guide v2 in Spanish: Now you can get a complete translation in Ms Doc format

For comments or questions, please join the OWASP Testing mailing list, read our archive and share your ideas. Alternatively you can contact Eoin Keary or Matteo Meucci directly.

Here you can find:

We hope you find the information in the OWASP Testing project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP Testing mailing list. Thanks!

To join the OWASP Testing mailing list or view the archives, please visit the subscription page.

Thanks to the translators all around the world you can download the guide in the following languages:

Spanish in PDF or MS Word formats. (v3.0)

Chinese in PDF format. (Thanks to the China-mainland chapter. (v3.0; translation of v4.0 in process)

Japanese in PDF format here (this is a 1st draft of v3.0, final release coming soon).

Hebrew in PDF format (Risk Rating Methodology only for now). Thanks to Tal Argoni from TriadSec.

We invite you to explore and help us translate OWASP Testing Guide 4.0 at Crowdin. Please visit URL below to start translating this project:

https://crowdin.com/project/owasp-testing-guide-40/invite

PROJECT INFO
What does this OWASP project offer you?

RELEASE(S) INFO
What releases are available for this project?

what	is this project?
Name: OWASP Testing Project (home page)
Purpose: The OWASP Testing Guide includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues.
License: Creative Commons Attribution Share Alike 3.0
who	is working on this project?
Project Leader(s): Andrew Muller @ Matteo Meucci @
how	can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Main links: Project Contributors (Full List) Testing Guide's (Version 4.0) Approved Budget
Key Contacts
Contact Andrew Muller @ to contribute to this project Contact Andrew Muller @ to review or sponsor this project

current release

Testing Guide V 4.0 - 15th February 2013 The new project is available here - (no download available)
Release description: Review all the control numbers to adhere to the OWASP Common numbering, Review all the sections in v3, Create a more readable guide, eliminating some sections that are not really useful, Insert new testing techniques: HTTP Verb tampering, HTTP Parameter Pollutions, etc., Rationalize some sections as Session Management Testing, Create a new section: Client side security and Firefox extensions testing.
Rating: Not Reviewed - Assessment Details

last reviewed release

Testing Guide V 3.0 - December 2008 - (download)
Release description: The OWASP Testing Guide v3 is a 349 page book; we have split the set of active tests in 9 sub-categories for a total of 66 controls to test during the Web Application Testing activity.
Rating: Stable Release - Assessment Details

other releases
Testing Guide V 4.0 Testing Guide V 3.0

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Testing_Project&oldid=226182"

Categories:

@@ Line 1: / Line 1: @@
-== Modelo de Auditoría de sistemas:  ==
+{{OWASP Breakers}}
+{{OWASP Book|5691953}}
+{{Social Media Links}}
+= New OWASP Testing Guide  =
+<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=]]</div>
-Éste es un modelo universal para securizar en un alto grado de seguridad al sistema operativo.
+{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
+| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
-#Sistema de cifrado congelado: Mantiene en secreto la ubicación del archivo del sistema, previniendo ataques de tipo monitoreo de redes.
+<div style="font-size:120%;border:none;margin: 0;color:#000">
-#OpenVAS: Línea de comandos para cifrar- descifrar el protocolo TCP/Ip
-#Filtro Web: Previene intrusiones a través de puertos inseguros
-#Clam Antivirus: Previene, detecta y corrige virus informático
-<br>
+== OWASP Testing Guide v4  ==
-{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
-|-
-| Clam Antivirus
-{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
-|-
-| Filtro Web
-{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
-|-
-| OpenVAS
-{| border="1" cellspacing="1" cellpadding="1" width="200" align="center"
-|-
-| Sistema de Cifrado Congelado
-|}
-|}
-|}
+ANNOUNCING THE NEW "OWASP TESTING GUIDE v4
-|}
+th September, 2014: OWASP is announcing the new OWASP Testing Guide v4.<br>
-== Descripción softwares de auditoría  ==
+A big thank you to all the contributors and reviewers!<br>
-*El sistema de cifrado http://truecrypt.org cifra el núcleo del sistema operativo y los discos lógicos impidiendo ataques espía.
+rd August 2015, the OWASP Testing Guide v4 book now available!
+<br>You can buy the Guide [http://www.lulu.com/shop/matteo-meucci-and-andrew-muller/testing-guide-40-release/paperback/product-22294314.html here] <br>
-*Los comandos shell http://openvas.org sirven para analizar protocolos de red, detección de virus y cifrado del protocolo IpV4-6
+<br>Or you can download the Guide [[Media:OTGv4.pdf|here]]<br>
-*El filtro web http://freenetproject.org es una técnica que reemplaza al Firewall, discriminando puertos inseguros, ahorrando tiempo de procesamiento en el núcleo del sistema.
+[[File:OWTGv4 Cover.png]]
-*Clamwin.com es un software de código abierto, no usa computación en la nube y tiene una GUI que detecta virus en línea http://sourceforge.net/projects/clamsentinel
+Or browse the guide on the wiki [https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents here]
-== Macroinformática  ==
+| valign="top"  style="padding-left:25px;width:200px;" |
-La macroinformática comprende eficiencia, seguridad y naturaleza. La eficacia de un sistema operativo se mide por la interacción hombre-máquina, sintetizando aplicaciones minimalistas y ejecutándolas nuestro sistema operativo procesará los datos eficientemente, ejemplos:
+==Classifications==
-*Transmisión cifrada: Cliente e-mail con GnuPG
+   {| width="200" cellpadding="2"
+   |-
-http://fellowship.fsfe.org
+   | align="center" valign="top" rowspan="2" width="50%" | [[File:Owasp-flagship-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
+   | align="center" valign="center" width="50%"| [[File:Owasp-breakers-small.png|link=https://www.owasp.org/index.php/Breakers]]
-*Sistema de cifrado: Cifra y descifra texto plano, imágenes, etc..
+   |
+   |-
-#ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.11.exe
+   | align="center" valign="center" width="50%"|
-#http://cryptophane.googlecode.com/files/cryptophane-0.7.0.exe
+   |-
+   | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
-*Ruby: Lenguaje de programación experimental
+   |-
+   | colspan="2" align="center"  | [[File:Project_Type_Files_DOC.jpg|link=]]
-http://ruby-lang.org
+   |}
+|}
-*J2re1.3.1_20: Ejecutable de objetos interactivos o applets
+= Old OWASP Testing Guides =
-http://java.sun.com/products/archive/j2se/1.3.1_20/index.html
+== OWASP Testing Guide v3  ==
-*Escritorio: Gestor de ventanas X11
+th December 2008: OWASP Testing Guide v3 is finished!<br>
-http://windowmaker.info
+*You can download the Guide in PDF [http://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf here]
+*Download the presentation [https://www.owasp.org/images/2/2c/OWASP_EU_Summit_2008_OWASP_Testing_Guide_v3.ppt here]
+*Browse the Testing Guide v3 on the wiki [https://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Contents here]
-*Gnuzilla: Navegador seguro y de uso libre
+''''NEW: OWASP projects and resources you can use TODAY''''<br>
+th April 2010 in London, OWASP leaders deliver a course focused on the main OWASP Projects.<br>
+Matteo Meucci will deliver a training course on the OWASP Testing Guide v3. <br>
+More information [http://www.owasp.org/index.php/London/Training/OWASP_projects_and_resources_you_can_use_TODAY here]
-http://code.google.com/p/iceweaselwindows/downloads/list
+Video @ FOSDEM 09: [http://fosdem.unixheads.org/2009/maintracks/owasp.ogv here]
-*Gnupdf: Visor de formato de texto universal pdf
+Citations:
-http://blog.kowalczyk.info/software/sumatrapdf
+http://www.owasp.org/index.php/Testing_Guide_Quotes
-*Gnuflash: Jugador alternativo a flash player
+== Overview  ==
-http://gnu.org/software/gnash
+This project's goal is to create a "best practices" web application penetration testing framework which users can implement in their own organizations and a "low level" web application penetration testing guide that describes how to find certain issues.
-*Zinf: Reproductor de audio
+Version 3 of the Testing Guide was released in December 2008 after going through a major upgrade through the [[OWASP Summer of Code 2008]].
-http://zinf.org
+= Background and Motivation  =
-*Informática forense: Análisis de datos ocultos en el disco duro
+'''History Behind Project''' The OWASP Testing guide originated in 2003 with Dan Cuthbert as one of the original editors. It was handed over to [[User:EoinKeary|Eoin Keary]] in 2005 and moved onto the new OWASP wiki when it came online. Being in a wiki is easier for people to contribute and has made updating much easier. [[User:Mmeucci|Matteo Meucci]] took on the Testing guide after Eoin and shepherded it through the version 2 and version 3 updates, which have been significant improvements.
-http://sleuthkit.org
+= Project History  =
-*Compresor: Comprime datos sobreescribiendo bytes repetidos
+== OWASP Testing Guide v3  ==
-http://peazip.sourceforge.net
+Testing Guide v3: plan (archive)
-*Ftp: Gestor de descarga de archivos
+th April 2008: Version 3 of the Testing Guide started under [[OWASP Summer of Code 2008]].
-http://dfast.sourceforge.net
+th November 2008: Completed draft created and previewed at [[OWASP EU Summit 2008|OWASP EU Summit 2008 in Portugal]].
-*AntiKeylogger: Neutraliza el seguimiento de escritorios remotos (Monitoring)
+Final stable release in December 2008
-http://psmantikeyloger.sourceforge.net
+== OWASP Testing Guide v2  ==
-*Password manager: Gestión de contraseñas
+'''10th February 2007: The OWASP Testing Guide v2 is now published''' [[User:Mmeucci|Matteo Meucci]] (as part of his [[OWASP Autumn of Code 2006 - Projects: Testing Guide|AoC project]]) has just published the latest version of Testing guide which:
-http://passwordsafe.sourceforge.net
+*you can read it on line on the [http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents Testing Guide v2 wiki]
+*or download the Guide in [http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_v2_pdf.zip Adobe PDF format] or in [http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_v2_doc.zip Ms Doc format]
-*Limpiador de disco: Borra archivos innecesrios del sistema
+'''OWASP Testing Guide v2 in Spanish:''' Now you can get a complete translation in [http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_v2_spanish_doc.zip Ms Doc format]
-http://bleachbit.sourceforge.net
+For comments or questions, please join the [http://lists.owasp.org/mailman/listinfo/owasp-testing OWASP Testing mailing list], read our archive and share your ideas. Alternatively you can contact [[User:EoinKeary|Eoin Keary]] or [[User:Mmeucci|Matteo Meucci]] directly.
-*Desfragmentador: Reordena los archivos del disco duro, generando espacio virtual
+Here you can find:
-http://kessels.com/jkdefrag
+*[http://www.owasp.org/index.php/Testing_Guide_Quotes The OWASP Testing Guide 'Quotes']
+*[http://www.owasp.org/index.php/OWASP_Testing_Guide_Presentations Testing Guide presentations]
-*X11: Gestor de ventanas, reemplazo de escritorio Xwindow's
+= Related  =
-http://bb4win.org
+'''OWASP Testing Guide (v2+v3) Report Generator''' is found at [http://yehg.net/lab/#wasarg http://yehg.net/lab/#wasarg].
-*Open Hardware: Hardware construído por la comunidad Linux
+'''THE OWASP Testing Project Live CD''' The OWASP testing project is currently implementing an Application security Live CD. <br> LabRat Version 0.8 Alpha is just weeks away from Beta testing*.
-http://open-pc.com
+The aim of this CD is to have a complete testing suite on one Disk. The CD shall also contain the forthcoming OWASP Testing guide.
-*Open WRT: Firmware libre para configurar transmisión de Internet
+The Live CD now has its own section you can find it here: [http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project]
-http://openwrt.org
+= Feedback and Participation  =
-*Gnu- Linux: Sistema operativo universal
+We hope you find the information in the OWASP Testing project useful. Please contribute back to the project by sending your comments, questions, and suggestions to the OWASP Testing mailing list. Thanks!
-http://gnewsense.org
+To join the OWASP Testing mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-testing subscription page].
-== Biocriptoseguridad ==: Es la unión de la biología, criptografía y hacking ético para formar una defensa stándar contra virus complejos.
+= Translations =
-Implementación de la biocriptoseguridad informática:
+Thanks to the translators all around the world you can download the guide in the following languages:
-#Amplificar la banda ancha
+* Spanish in [http://www.owasp.org/images/8/80/Gu%C3%ADa_de_pruebas_de_OWASP_ver_3.0.pdf PDF] or [http://www.owasp.org/images/d/d7/Gu%C3%ADa_de_pruebas_de_OWASP_ver_3.0.zip MS Word] formats. (v3.0)
-#Optimizar (limpiar- modificar) el sistema operativo
-#Desfragmentar los discos lógicos
-#Ocultar el sistema operativo
-#Configurar antivirus
-#Limpiar y desfragmentar
-#Congelar
-*Sistema inmune._ Defensa biológica natural contra infecciones como virus http://immunet.com
+* Chinese in [http://www.owasp.org/images/0/06/OWASP%E6%B5%8B%E8%AF%95%E6%8C%87%E5%8D%97%28%E4%B8%AD%E6%96%87%EF%BC%89.pdf PDF] format. (Thanks to the [http://www.owasp.org/index.php/China-Mainland China-mainland chapter]. (v3.0;  translation of v4.0 in process)
-*Criptografía._ Método de escritura oculta por caractes, números y letras:—{H}/gJa¢K¡Ng÷752%\*)A>¡#(W|a— http://diskcryptor.net
+* Japanese in [http://www.owasp.org/images/1/1e/OTGv3Japanese.pdf PDF] format here (this is a 1st draft of v3.0, final release coming soon).
-*Hacking ético._ Auditoría de sistemas informáticos que preserva la integridad de los datos.
+* '''Hebrew''' in [[Media:OWASP_Risk_Rating_Methodology-Hebrew.pdf|PDF format]] (Risk Rating Methodology only for now). Thanks to Tal Argoni from TriadSec.
-Congelador: Mantiene el equilibrio en la integridad de los datos, el sistema operativo, red , memoria ram, ciclos de CPU, espacio en disco duro e incidencias de malware
+We invite you to explore and help us translate OWASP Testing Guide 4.0 at Crowdin. Please visit URL below to start translating this project:
-*http://code.google.com/p/hzr312001/downloads/detail?name=Deep%20systemze%20Standard%20Version%206.51.020.2725.rar&amp;can=2&amp;q= (para Window's)
+https://crowdin.com/project/owasp-testing-guide-40/invite
-*http://sourceforge.net/projects/lethe (para GNU/Linux)
-<br>Auditoría de virus cifrado._ Un criptovirus se oculta tras un algoritmo de criptografía, generalmente es híbrido simétrico-asimétrico con una extensión de 1700bit's, burla los escáneres antivirus con la aleatoriedad de cifrado, facilitando la expansión de las botnet's. La solución es crear un sistema operativo transparente, anonimizarlo y usar herramientas de cifrado stándar de uso libre:
+= Project About =
+{{:Projects/OWASP Testing Project | Project About}}
-*Gnupg: Sirve para cifrar mensajes de correo electrónico http://gpg4win.org/download.html
-*Open Secure Shell: Ofuscador TcpIp, protege el túnel de comunicación digital cifrando la Ip. http://openvas.org
+__NOTOC__
+<headertabs />
-*Red protegida: DNS libre http://namespace.org/switch
-*Criptosistema simétrico: Encapsula el disco duro, incluyendo el sistema operativo,usando algoritmo Twofish http://truecrypt.org/downloads.php
-*Proxy cifrado: Autenticación de usuario anónimo http://torproject.org
-Energías renovables._ Son energías adquiridas por medios naturales: hidrógeno, aire, sol que disminuyen la toxicidad de las emisiones de Co2 en el medio ambiente, impulsando políticas ecologistas contribuímos a preservar el ecosistema. Ejm: Usando paneles solares fotovoltaicos.
+[[Category:OWASP_Project|Testing Guide]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document|OWASP Stable Quality Document]] [[Category:SAMM-ST-1]]

Difference between revisions of "OWASP Testing Project"

Latest revision as of 02:18, 9 February 2017

OWASP Testing Guide v4

Classifications

OWASP Testing Guide v3

Overview

OWASP Testing Guide v3

OWASP Testing Guide v2

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools