HackDig : Dig high-quality web security articles for hacker

OWASP Testing Guide v4

2014-10-07 19:50

The OWASP Testing Guide team of volunteers has announced the publication of version 4 of the OWASP Testing Guide.

Partial view of the OWASP Testing Guide's contents showing the new formatting and typography

The creation of version 4 (PDF, HTML) lead by Andrew Muller and Matteo Meucci. The guide is the de-facto standard for performing web application penetration testing.

Following an initial overview, introduction and discussion of testing objectives, the testing guidance is structured in eleven main sections:

  • Information gathering
  • Configuration and deployment management testing
  • Identity management testing
  • Authentication testing
  • Authorization testing
  • Session management testing
  • Input validation testing
  • Testing for error handling
  • Testing for weak cryptography
  • Business logic testing
  • Client side testing.

The previous edition was a large step forward in the maturity of the testing guide, and this version 4 goes further. Congratulations to everyone involved.

If you are looking for what to test, and how to build a software security programme, see also these two other OWASP documents respectively:

All OWASP materials are free to download and use.

Source: 4v-ediuG-gnitseT-PSAWO/7/01/4102/ku.rellewdnekrelc.www

Read:2922 | Comments:0 | Tags:vulnerabilities technical standards procedures testing

“OWASP Testing Guide v4”0 Comments

Submit A Comment



Blog :

Verification Code:


Share high-quality web security related articles with you:)


Tag Cloud