lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 24 Feb 2007 18:49:06 +0100
From: "Matteo Meucci" <matteo.meucci@...il.com>
To: "webappsec @OWASP" <webappsec@...ts.owasp.org>
Cc: webappsec@...ts.securityfocus.com, full-disclosure@...ts.grok.org.uk,
	sc-l@...urecoding.org, WASC Forum <websecurity@...appsec.org>
Subject: New release: "OWASP TESTING GUIDE 2007"

ANNOUNCING THE "OWASP TESTING GUIDE"

The OWASP Testing Guide includes a "best practice" penetration testing
framework which users can implement in their own organizations and a
"low level" penetration testing guide that describes techniques for
testing most common web application and web service security issues.

Download the Guide Now:
- http://www.owasp.org/index.php/OWASP_Testing_Project (PDF and DOC)

View the Project Overview Slides:
- http://www.owasp.org/index.php/Image:OWASP_Testing_Guide_Presentation.zip

Join the Project Mailing List:
- http://lists.owasp.org/mailman/listinfo/owasp-testing


PROJECT HISTORY

I would like to thank you all for the great effort in creating the new
OWASP Testing Guide v2. The new version is a complete rewrite that
subsumes the previous version and includes the "OWASP Web Application
Penetration Checklist", Version 1.1 dated 2004.

The project, as part of the OWASP Autumn of Code, started on October
1st 2006 reviewing all the old documentation. The first month we made
a call to action to collect all the best security experts on
application security asking them to collaborate in writing the Testing
Guide.

We set up a 'dream team' of 39 authors and 20 reviewers: after 3
months of hard work and great team work we realized the v2 Release
Candidate 1 (RC1) by the 10th of January 2007. From that date to the
10th of February we received numerous great comments: more than 20
articles have been reviewed.

On the 10th of February we published the official version 2: a 272
pages high quality document, with 46 controls divided into 8
categories.


JOIN US

We need help to...

*** Continuously Improve the Guide.
The Guide is a "live" document: we always need your feedback! Please
join our testing mailing list and share your ideas with us. The next
step is to begin working on the new version: one issue that will be
improved is the client side testing.

*** Promote the Testing Guide
We would like to have some more media coverage on the guide, so
please, if you know somebody in there put them in touch. If you have
the chance, you can write an article about the Testing Guide and the
new OWASP Projects. Also you can pick up the OWASP Testing Guide
presentations and talk about it in local conferences and Chapter
meetings.

*** Translate the Guide into your Local Language
If you'd like to translate the Testing Guide in your local language,
please contact us.

*** Add 'Quotes' to the Guide.
If you've used the guide and can share your experience, we'd love to
hear from you. You can add your quote to the OWASP wiki here:
http://www.owasp.org/index.php/Testing_Guide_Quotes


Thanks,
Mat

--
Matteo Meucci
OWASP-Italy Chair, CISSP, CISA
http://www.owasp.org/index.php/Italy
OWASP Testing Guide lead
http://www.owasp.org/index.php/Testing_Guide

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ