WebApp Sec mailing list archives

RE: OWASP Web Application Pen Testing Check List

From: "Gaydosh, Adam" <GaydoshA () ctcgsc org>
Date: Mon, 29 Mar 2004 13:39:52 -0500

Here is a pretty extensive list: 
http://www.technicalinfo.net/papers/AssessmentQuestions.html
and an article on 10 PHP issues:
http://www.onlamp.com/pub/a/php/2003/03/20/php_security.html

-----Original Message-----
From: Mark Curphey [mailto:mark () curphey com]
Sent: Friday, March 19, 2004 6:40 PM
To: webappsec () securityfocus com
Subject: OWASP Web Application Pen Testing Check List

We are working towards releasing a Web Application Penetration Testing
Checklist at the same time as OWASP Testing Part 1 (before end 
of month).
The list is a check list of issues you would expect a tester 
to address when
conducting a penetration test. This is a project that people 
specifically
asked for to use when acquiring services or comparing services 
and testing. 

Dan Cuthbert is leading this list and has a good first draft. 
If you have
any lists already developed and would like us to look at them 
and possibly
include them, please email Dan (daniel () deeper co za)

Cheers

Mark

Current thread:

OWASP Web Application Pen Testing Check List Mark Curphey (Mar 19)
- <Possible follow-ups>
- RE: OWASP Web Application Pen Testing Check List Gaydosh, Adam (Mar 29)