OWASP Testing Guide V3
2008 V3.0
© 2002-2008 OWASP Foundation

This document is licensed under the Creative Commons Attribution-ShareAlike 3.0 license. You must attribute your version to the OWASP Testing or the OWASP Foundation.
Table of Contents

Foreword
  Why OWASP?
  Tailoring and Prioritizing
  The Role of Automated Tools
  Call to Action
1. Frontispiece
  Welcome to the OWASP Testing Guide 3.0
  About The Open Web Application Security Project
2. Introduction
  Principles of Testing
  Testing Techniques Explained
  Security Requirements Test Derivation
3. The OWASP Testing Framework
  Overview
  Phase 1: Before Development Begins
  Phase 2: During Definition and Design
  Phase 3: During Development
  Phase 4: During Deployment
  Phase 5: Maintenance and Operations
4 Web Application Penetration Testing
  4.1 Introduction and objectives
  4.2...