Welcome & OWASP Testing Guide v4



Welcome.

This is my first post. I´d like to share with you some of my experience and thoughts about security, mainly (but not limited to) related with web application security.
Here is a place to discuss things related to penetration testing, web security, OWASP, standards, laws, code reviews etc.
Feel free to drop me an email and to comment the posts.
Well, let´s talk about the new version of Owasp Testing Guide.
OWASP Testing Guide is a framework to help people to perform security testing in their applications, especially web applications. It also provides a methodology to risk assessment (e.g. How critical is a XSS flaw in your app?).
The current stable version of the project is the third version from 2008.
Since 2008 a lot of things changed in application security like new issues, new HTTP readers, new techniques and  for sure we need a new version of this guide.
Now the community is working on a new version with some improvements and new testing such as:
        - Testing for Web Service (comprehensive set of tests)
        - Testing for HTML5
        - Testing HTTP Verb Tampering
        - Testing for Content Security Policy Weakness
        - Testing for NoSQL Injection
        - Testing for Clickjacking
The guide is expected to be released in 2013, January.
For more information about the upcoming testing guide you can check OWASP TestingGuide V4 Table of Contents.

Comments

Popular posts from this blog

The forgotten JBOSS Admin Console and CVE 2010-1871

A tool to detect Slow HTTP DoS attacks on pcap files