WebApp Sec mailing list archives
New PenTest Checklist from OWASP
From: "Jeff Williams" <jeff.williams () owasp org>
Date: Tue, 13 Apr 2004 08:24:37 -0400
Hi,

The OWASP Testing Project is pleased to release this new checklist to help organizations who are interested in performing or contracting for penetration testing on their web applications. You can download the new checklist from The OWASP Foundation website at http://www.owasp.org.

This checklist provides issues that should be tested. It does not prescribe techniques that should be used.

The Testing Project has two major parts. Part One will be released soon and will focus on principles, scope, and technique of web application security testing. Part Two will cover how to test for specific technical issues such as SQL Injection and will cover code review, run-time analysis and penetration testing techniques. This checklist will likely become an appendix to Part Two, but we're releasing it early.

Many OWASP followers (especially financial services companies) have asked OWASP to develop a checklist that they can use when they undertake penetration testing. The goal is to promote consistency among both internal testing teams and external vendors. As such, this list has been developed to be used in several ways including:

- RFP Template
- Benchmarks
- Testing Checklist

Please send constructive feedback to owasp-testing () lists sourceforge net, and thank you for your support of OWASP.

--Jeff

Jeff Williams
Aspect Security, Inc.
http://www.aspectsecurity.com