WebApp Sec mailing list archives

Re: OpenHack and OWASP Testing Methodology


From: jcosta () lendleaserei com
Date: Tue, 3 Dec 2002 14:22:46 -0500


Has anyone been able to find the "hardened" Apache httpd.conf file that
Eweek mentions is available for download?


"David Endler" <dendler () owasp org>
12/03/2002 11:08 AM
Please respond to dendler

To:       <webappsec () securityfocus com>
cc:
Subject:  OpenHack and OWASP Testing Methodology




As a followup to the eweek OpenHack thread, here's a brief article by the
only winner.  The article is interesting in that it gives insight into a
webappsec tester's mindset and some of his methodology.

http://www.eweek.com/article2/0,3959,741368,00.asp

Speaking of methodology, the OWASP Testing Methodology is currently in peer
review and will be released for comment later this month.  Our aim is for
this document to be used in a variety of ways, from security professionals
looking to adopt an industry derived and proven methodology to web system
owners looking to conduct tests themselves or seeking to ensure their
consultants are comprehensively checking their applications.

-dave





