WebApp Sec mailing list archives

OWASP Penetration Test Checklist v1.1


From: "Daniel" <Daniel () deeper co za>
Date: Wed, 21 Jul 2004 07:37:32 +0100 (BST)

Hi,

The OWASP Project is pleased to announce version 1.1 of the web
application penetration checklist.

The Testing Project has two major parts. Part One is due to be released
any day and will focus on principles, scope, and technique of web
application security testing. Part Two is currently well under way and
will cover how to test for specific technical issues such as SQL Injection
and will cover code review, run-time analysis and penetration testing
techniques.

Many OWASP followers (especially financial services companies) have asked
OWASP to develop a checklist that they can use when they undertake a
penetration test. The goal is to promote consistency among both internal
testing teams and external vendors. It provides a list of issues which
should be included in any standard web application penetration test and
will eventually be made part of the OWASP Testing Guide once released.

As such, this list has been developed to be used in several ways, including:

   - RFP Template
   - Benchmarks
   - Testing Checklist

The international versions of the penetration checklist are currently
being posted to SourceForge. Many thanks for this excellent effort to:

Sung-Koo Ryeo (Korean)
Calderon, Juan Carlos (Spanish)

If there are other OWASP followers out there who would be interested in
creating other language versions of OWASP materials, please let me know.

The files are available for download on the OWASP download page at
SourceForge:
https://sourceforge.net/project/showfiles.php?group_id=64424&package_id=62285

(Note: it may take a few hours for all the SourceForge mirrors to pick up
the documents)

Please send your constructive feedback and additions to testing () owasp org,
and once again, thanks for your support of OWASP.

Daniel




