The OWASP Testing Guide Jeff Williams OWASP Chair

Jeff Williams, OWASP Chair
jeff.williams@owasp.org

Copyright © 2007 - The OWASP Foundation
This work is available under the Creative Commons SA 2.5 license
The OWASP Foundation, http://www.owasp.org

What Is the OWASP Testing Guide?

- A book… http://www.owasp.org/index.php/Testing_Guide

What Is the OWASP Testing Guide?

- Part of an appsec body of knowledge…
- Testing Principles
- Testing Process
- Custom Web Applications
- Black Box Testing
- Grey Box Testing
- Risk and Reporting
- Appendix: Testing Tools
- Appendix: Fuzz Vectors
- Information Gathering
- Business Logic Testing
- Authentication Testing
- Session Management Testing
- Data Validation Testing
- Denial of Service Testing
- Web Services Testing
- Ajax Testing

What Is the OWASP Testing Guide?

- Free and open…

What Is the OWASP Testing Guide?

- A project…

What Is the OWASP Testing Guide?

- Alive… (timeline figure: 2007, 2008, 2009, 2010, 2011)

The Wisdom of Crowds

- Diversity of opinion
- Decentralization
- Aggregation
- Independence

Trusting the Testing Guide

- Is the information complete and accurate?
  - We create tracking pages on various dimensions
  - Constantly reviewed and updated
  - It is being applied extensively to real applications
- How can I be sure?
  - Lots of passionate experts involved
  - You can verify that it is “alive”
  - You can compare it objectively to tools or alternatives
- What is the alternative?

What Is the OWASP Testing Guide?

- A puzzle piece… (diagram: the Testing Guide shown alongside Tools, the Code Review Guide and the Building Guide, around the OWASP Honeycomb of Threat Agents, Attacks, Vulnerabilities, Countermeasures, Assets, System Impacts and Business Impacts)

What Is the OWASP Testing Guide?

- An experiment… ?

What’s Not In the Testing Guide…Yet

- Guidance on…
  - Scoping
  - Prioritizing
  - Tailoring
  - Tracking
  - Metrics
- Integration…
  - Requirements
  - Threat Modeling
  - Architecture
  - Implementation
  - Testing
  - Deployment

OWASP Foundation - Autumn of Code Grants

- WebScarab NG
- Live CD
- CAL 9000
- SiteGenerator and ORG
- Pantera
- WebGoat
- Testing Guide
- OWASP .NET Tools
- OWASP Website

Grant amounts shown on the slide: $5,000, $3,500, $3,500

Join Us

- The OWASP Spring of Code starts soon!