The OWASP Testing Guide (2009 Version 3.0) includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues.
OWASP Testing Guide v3 is a 349-page book; the set of active tests is split into 9 sub-categories, for a total of 66 controls to test during the Web Application Testing activity.
For more information, please check out the project home page at OWASP Testing Guide V3.0 Project.
2 people reviewed this product
By Jock Pereira
Oct 30, 2012
The OWASP Testing Guide is top shelf. I have used this guide as a framework for penetration testing at scores of businesses over the last 3-4 years. Not only does the OWASP guide tell you where to look for vulnerabilities, it goes to great lengths to explain what each vulnerability is. It is both high level and technical. Clearly written. It gives you a sense of severity and priority when it comes to the plethora of security issues plaguing our web applications. For example, distinguishing between XSS and SQL Injection. And even more granular... XSS reflective vs. stored. Because of this the guide is practical, not sending the follower down rabbit holes but correctly detailing the things that are the most important to web application security and server configuration. Like anything, you'll want to customize this framework to work best for your specific business. That being said, the OWASP Testing Guide will give you a measurable head start on any form of testing process, audit program, or quality assurance initiative.
"Essential Guide": The OWASP Testing Guide v3 is an essential resource for my work as an application security analyst. This handbook provides a solid foundation for conducting tests for common application security vulnerabilities. I recommend this book to all developers, QA analysts, and IT security professionals. OWASP