WebApp Sec mailing list archives

New PenTest Checklist from OWASP


From: "Jeff Williams" <jeff.williams () owasp org>
Date: Tue, 13 Apr 2004 08:24:37 -0400

Hi,

The OWASP Testing Project is pleased to release this new checklist to help
organizations who are interested in performing or contracting for
penetration testing on their web applications.  You can download the new
checklist from The OWASP Foundation website at http://www.owasp.org.  This
checklist provides issues that should be tested. It does not prescribe
techniques that should be used.

The Testing Project has two major parts. Part One will be released soon and
will focus on principles, scope, and technique of web application security
testing. Part Two will cover how to test for specific technical issues such
as SQL Injection and will cover code review, run-time analysis and
penetration testing techniques. This checklist will likely become an
appendix to Part Two, but we're releasing it early.

Many OWASP followers (especially financial services companies) have asked
OWASP to develop a checklist that they can use when they undertake
penetration testing. The goal is to promote consistency among both internal
testing teams and external vendors. As such, this list has been developed to
be used in several ways including:

  - RFP Template
  - Benchmarks
  - Testing Checklist

Please send constructive feedback to owasp-testing () lists sourceforge net,
and thank you for your support of OWASP.

--Jeff

Jeff Williams
Aspect Security, Inc.
http://www.aspectsecurity.com


