The Open Web Application Security Project (OWASP) announced on Wednesday the availability of version 4 of the OWASP Testing Guide.
According to the organization, OWASP Testing Guide Version 4 contains several changes compared to the previous version, including new chapters and a larger number of test cases. Version 3 of the guide was released on September 15, 2008, and as many experts have pointed out, a new version is needed to reflect the changes in the evolving cybersecurity landscape.
The latest version of the testing guide includes the Developers Guide and the Code Review Guide. OWASP believes the addition of these two flagship documentation products is important because the Testing and the Code Review guides are designed to help developers evaluate the security controls described in the Developers Guide.
New chapters have been introduced for identity management testing, cryptography, error handling and client-side testing. The number of test cases has been increased from 64 to 87.
“This version of the Testing Guide encourages the community not to simply accept the test cases outlined in this guide. We encourage security testers to integrate with other software testers and devise test cases specific to the target application,” OWASP said. “As we find test cases that have wider applicability we encourage the security testing community to share them and contribute them to the Testing Guide. This will continue to build the application security body of knowledge and allow the development of the Testing Guide to be an iterative rather than monolithic process.”
Close to 60 people have authored and reviewed the 220-page guide under the leadership of Andrew Muller, the leader of the Canberra OWASP Chapter, and Matteo Meucci, OWASP-Italy founder and CEO of Minded Security. OWASP is currently seeking aid in translating the guide into other languages.
“The OWASP Testing Guide includes a ‘best practice’ penetration testing framework which users can implement in their own organizations and a ‘low level’ penetration testing guide that describes techniques for testing most common web application and web service security issues,” Meucci said in a post on the Minded Security blog.
The OWASP Testing Guide Version 4 in PDF format is available here.
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Hive Ransomware Operation Shut Down by Law Enforcement
- UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies
- Dozens of Cybersecurity Companies Announced Layoffs in Past Year
- Security Update for Chrome 109 Patches 6 Vulnerabilities
- New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch
- Forward Networks Raises $50 Million in Series D Funding
Latest News
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
