OWASP's OTG
The most widely accepted reference in web pen testing is the OWASP Testing Guide also known as OTG, Version 4 (https://www.owasp.org/index.php/OWASP_Testing_Project). The OWASP has led the field for many years due to heavy participation from the community and its stellar reputation for anticipating trends and teaching the community to test against them. OWASP's influence is a major driver in presentations at conferences such as those run by SANS, Black Hat, and DevCon, and their top 10 web security threats are a must-read for any of us.
The OTG, much like the NIST guidance, provides some tips and pointers for incorporating testing in appropriate phases. OWASP maintains the OTG more regularly that the other full-coverage frameworks ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access