RE: Guidlines for Testing Web Applications

[David Endler <dendler () owasp org>]

Hi,

Just a quick update on the OWASP Testing Methodology.  After a brief hiatus, we've published an updated table of 
contents and the release schedule and for upcoming chapters spaced about a month apart:  http://www.owasp.org/testing 

We will be circulating these sections on the webappsec@ list under the timeframes listed for feedback and general 
comments in order to develop a better final document.

If you are interested in participating in the peer review process, please drop me a line with some of your experiences 
and qualifications.  Thanks,

-dave
dendler () owasp org

> -----Original Message-----
> From: dan cuthbert [mailto:dan () idsec com]
> Sent: Thursday, March 20, 2003 1:49 PM
> To: Lecia McCalla
> Cc: webappsec () securityfocus com
> Subject: Re: Guidlines for Testing Web Applications
>
>
> Hi
>
> The OWASP testing team are currently working on a testing 
> framework guide that explains from start to finish the steps 
> needed to be taken when performing a audit on web applications
> more info can be found here
>
> http://www.owasp.org/testing/
>
>
> dan
>
>
> On Thu, Mar 20, 2003 at 08:28:37AM -0500, Lecia McCalla 
> tapped away......
> > All,
> >
> > I am a Business Analyst/Trainer at the company where I 
> work.  I am now 
> > required to assist in the testing of web applications with 
> the focus on 
> > the security aspect. Where as I have experience in testing, 
> I have no 
> > experience in security as it relates to web applications.  
> Can you help 
> > me?  When testing a web application with focus on security 
> what do I 
> > look for?  Are there any written guidelines that I should 
> follow?  So 
> > far I have been researching SSL and SQL Injections.  Any ideas?
> >
> > NOTE:
> > I am a fast learner. :-)