The OWASP Testing Guide Jeff Williams OWASP Chair
- Slides: 13
Jeff Williams, OWASP Chair, jeff.williams@owasp.org
Copyright © 2007 - The OWASP Foundation. This work is available under the Creative Commons SA 2.5 license.
The OWASP Foundation, http://www.owasp.org
What Is the OWASP Testing Guide?
- A book… http://www.owasp.org/index.php/Testing_Guide
What Is the OWASP Testing Guide?
- Part of an appsec body of knowledge…
- Testing Principles
- Testing Process
- Custom Web Applications
- Black Box Testing
- Grey Box Testing
- Risk and Reporting
- Appendix: Testing Tools
- Appendix: Fuzz Vectors
- Information Gathering
- Business Logic Testing
- Authentication Testing
- Session Management Testing
- Data Validation Testing
- Denial of Service Testing
- Web Services Testing
- Ajax Testing
What Is the OWASP Testing Guide?
- Free and open…
What Is the OWASP Testing Guide?
- A project…
What Is the OWASP Testing Guide?
- Alive… (timeline labels: 2011, 2010, 2009, 2008, 2007)
The Wisdom of Crowds
- Diversity of opinion
- Decentralization
- Aggregation
- Independence
Trusting the Testing Guide
- Is the information complete and accurate?
  - We create tracking pages on various dimensions
  - Constantly reviewed and updated
  - It is being applied extensively to real applications
- How can I be sure?
  - Lots of passionate experts involved
  - You can verify that it is "alive"
  - You can compare it objectively to tools or alternatives
- What is the alternative?
What Is the OWASP Testing Guide?
- A puzzle piece…
[Diagram labels: Tools, Testing Guide, Honeycomb, Threat Agents, Business Impacts, Vulnerabilities, Business Impact, Code Review Guide, Vulnerability, System Impacts, Countermeasures, Asset, Countermeasure, Attacks, Attack, Building Guide]
What Is the OWASP Testing Guide?
- An experiment… ?
What's Not In the Testing Guide… Yet
- Guidance on…
  - Scoping
  - Prioritizing
  - Tailoring
  - Tracking
  - Metrics
- Integration…
  - Requirements
  - Threat Modeling
  - Architecture
  - Implementation
  - Testing
  - Deployment
OWASP Foundation - Autumn of Code Grants
- WebScarab NG
- Live CD
- CAL9000
- SiteGenerator and ORG
- Pantera
- WebGoat
- Testing Guide
- OWASP .NET Tools
- OWASP Website
$5,000 $3,500 $3,500
Join Us
- The OWASP Spring of Code starts soon!