From 832db64f621be72d19249a8d22715ef293912376 Mon Sep 17 00:00:00 2001 From: Artiom Mocrenco Date: Tue, 22 Aug 2017 17:15:40 +0300 Subject: [PATCH] Add OWASP Testing Checklist v4 --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index fd22420..d37cc9a 100644 --- a/README.md +++ b/README.md @@ -229,6 +229,7 @@ Thanks to all [contributors](https://github.com/sbilly/awesome-security/graphs/c - [sqlmap](http://sqlmap.org/) - sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. - [ZAP](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. +- [OWASP Testing Checklist v4](https://www.owasp.org/index.php/Testing_Checklist) - List of some controls to test during a web vulnerability assessment. Markdown version may be found [here](https://github.com/amocrenco/owasp-testing-checklist-v4-markdown/blob/master/README.md). - [w3af](http://w3af.org/) - w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. - [Recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - Recon-ng is a full-featured Web Reconnaissance framework written in Python. Recon-ng has a look and feel similar to the Metasploit Framework. - [PTF](https://github.com/trustedsec/ptf) - The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.