OWASP Releases New Testing Guide

The Open Web Application Security Project (OWASP) announced on Wednesday the availability of version 4 of the OWASP Testing Guide.

According to the organization, OWASP Testing Guide Version 4 contains several changes compared to the previous version, including new chapters and a larger number of test cases. Version 3 of the guide was released on September 15, 2008, and as many experts have pointed out, a new version is needed to reflect the changes in the evolving cybersecurity landscape.

The latest version of the testing guide includes the Developers Guide and the Code Review Guide. OWASP believes the addition of these two flagship documentation products is important because the Testing and the Code Review guides are designed to help developers evaluate the security controls described in the Developers Guide.

New chapters have been introduced for identity management testing, cryptography, error handling and client-side testing. The number of test cases has been increased from 64 to 87.

“This version of the Testing Guide encourages the community not to simply accept the test cases outlined in this guide. We encourage security testers to integrate with other software testers and devise test cases specific to the target application,” OWASP said. “As we find test cases that have wider applicability we encourage the security testing community to share them and contribute them to the Testing Guide. This will continue to build the application security body of knowledge and allow the development of the Testing Guide to be an iterative rather than monolithic process.”

Close to 60 people have authored and reviewed the 220-page guide under the leadership of Andrew Muller, the leader of the Canberra OWASP Chapter, and Matteo Meucci, OWASP-Italy founder and CEO of Minded Security. OWASP is currently seeking aid in translating the guide into other languages.

“The OWASP Testing Guide includes a ‘best practice’ penetration testing framework which users can implement in their own organizations and a ‘low level’ penetration testing guide that describes techniques for testing most common web application and web service security issues,” Meucci said in a post on the Minded Security blog.

The OWASP Testing Guide Version 4 in PDF format is available here.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
