Advocates with the web application security consortium OWASP published the latest iteration of its Testing Guide this week.
Marking its 10th anniversary this year, the fourth version (v4) of the guide builds on the last one, published in 2008, in three ways.
For v4 the group combined its Developers Guide and the Code Review Guide into one, upped the number of test cases it includes and, perhaps most importantly, challenged its users to share their findings with other security testers in order to bolster the wiki version of the Testing Guide. Version 4 also now instructs developers on how to test for the presence of the HSTS header, a mechanism by which web sites explicitly direct web browsers to communicate with them over HTTPS.
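The HSTS check mentioned above, as an added example that is not from the article or the OWASP guide: it goes beyond presence and also validates the header value along the lines of RFC 6797. The function names and the sample responses are constructed for illustration.

```python
import re

# Constructed sample response headers (not captured from any real site).
SAMPLES = {
    "good": "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n",
    "zero": "HTTP/1.1 200 OK\r\nstrict-transport-security: max-age=0\r\n",
    "dup":  "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=600; max-age=300\r\n",
    "none": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n",
}

def parse_hsts(value):
    """Parse an HSTS header value into {directive: argument}, or None if malformed."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()            # directive names are case-insensitive
        if not name:
            continue                           # tolerate empty segments such as a trailing ";"
        if name in directives:
            return None                        # a directive may appear only once
        directives[name] = arg.strip().strip('"')   # max-age may be a quoted string
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                            # max-age is required and must be numeric
    return directives

def check_hsts(raw_headers, scheme="https"):
    """Return (verdict, detail) for a raw response header block."""
    values = [line.split(":", 1)[1].strip()
              for line in raw_headers.splitlines()
              if line.lower().startswith("strict-transport-security:")]
    if not values:
        return ("missing", "no Strict-Transport-Security header")
    if scheme != "https":
        return ("ignored", "browsers ignore HSTS received over plain HTTP")
    policy = parse_hsts(values[0])             # only the first header field is processed
    if policy is None:
        return ("invalid", "malformed value: " + values[0])
    if int(policy["max-age"]) == 0:
        return ("disabled", "max-age=0 tells the browser to forget the policy")
    return ("ok", "max-age=%s includeSubDomains=%s"
            % (policy["max-age"], "includesubdomains" in policy))

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_hsts(raw))
```

A header that is present but carries `max-age=0` or a malformed value gives no protection, which a presence-only test would miss.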