/OWASP-Testing-Guide-v5

The OWASP Testing Guide includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues.

Creative Commons Attribution Share Alike 4.0 InternationalCC-BY-SA-4.0

OWASP Testing Guide Project

Contributions Welcome OWASP Flagship

Welcome to the OWASP Testing Guide (OTG) project!

You can download the stable version v4 here.

  1. OWASP Testing Guide Project
    1. Contributions, Feature Requests, and Feedback
    2. Style Guidelines
    3. Maintainers
    4. Special Thanks
    5. Project Summit 2017 Outcomes

Contributions, Feature Requests, and Feedback

Everyone can contribute! By simply reading the document, which you certainly should do, grammar mistakes, new ideas, or paragraph restructuring thoughts will show themselves! Just try it out, you'll see. πŸ˜„

Not to mention, you'll be on the authors, or reviewers and editors list.

Before you start contributing, please read our contribution guide which should help you get started and follow our best practices.

Whenever you identify a contribution possibility, open up an issue with it in order for us to keep track and assign project milestones.

For the ones that enjoy providing constructive feedback and feel like they can review other's contributions, head straight to our Pull Requests!

Despite us being technical, we love having technical and casual chats with others. Join us by following the below steps:

Feel free to ask questions, bounce ideas off us, or just hang out and chat!

You can also open up a post on our Google Group!

Style Guidelines

  • Please don't write in the first person (Ex: no "I" or "Me" statements).

  • Please do use Title Caps for headings, using Title Capitalization as defined by the Chicago Manual of Style. For quick reference you can use this online tool (make sure you select the "Chicago" tab).

  • Please do use serial or Oxford commas.

  • Don't use and/or. Chances are you can simply write or. (Note: The OR allows for the same True result as an AND, while also allowing for other combinations producing True results.) Unless you actually mean something like "A and/exclusive or B" in which case read the sentence to yourself with those words and then figure out a different way to write it. πŸ˜„

  • Caption figures using title case, with the section and sub-section numbers, followed by the figure position in the document. Use the format Figure <section>.<sub-section>-<position>: Caption Title. For example, the first image shown in section 4.8, sub-section 19 would be added as follows:

    ![SSTI XVWA Example](images/SSTI_XVWA.jpeg)\
    *Figure 4.8.19-1: SSTI XVWA Example*

Project Folder Structure

When adding articles and images, please place articles in the appropriate sub-section directory, and place images in an images/ folder within the article directory. Here is an example of the project structure:

document/
 β”œβ”€β”€β”€0_Foreword/
 β”‚   └───0_Foreword.md
 β”œβ”€β”€β”€1_Frontispiece/
 β”‚   β”œβ”€β”€β”€images/
 β”‚   β”‚   └───example.jpg
 β”‚   └───1_Frontispiece.md
 β”œβ”€β”€β”€2_Introduction/
 β”‚   β”œβ”€β”€β”€images/
 β”‚   β”‚   └───example.jpg
 β”‚   └───2_Introduction.md
 β”œβ”€β”€β”€3_The_OWASP_Testing_Framework/
 β”‚   β”œβ”€β”€β”€images/
 β”‚   β”‚   └───example.jpg
 β”‚   └───3_The_OWASP_Testing_Framework.md
 β”œβ”€β”€β”€4_Web_Application_Security_Testing/
 β”‚   β”œβ”€β”€β”€4.1_Introduction_and_Objectives/
 β”‚   β”‚   └───4.1_Testing_Introduction_and_Objectives.md
 β”‚   β”œβ”€β”€β”€4.2_Information_Gathering/
 β”‚   β”‚   β”œβ”€β”€β”€images/
 β”‚   β”‚   β”‚   └───example.jpg
 β”‚   β”‚   β”œβ”€β”€β”€4.2_Testing_Information_Gathering.md
 β”‚   β”‚   └───4.2.1_Conduct_Search_Engine_Discovery.md

Maintainers

Special Thanks

For the people that helped migrate this project from MediaWiki to GitHub's flavored Markdown, thank you!

Project Summit 2017 Outcomes

The outcomes can be found here