Testing Guide v5

This is the OWASP Testing Guide Project Roadmap for v5.

You can download the stable version v4 here:


The OWASP Testing Guide v4 includes a “best practice” penetration testing framework which users can implement in their own organisations. The Testing Guide v4 also includes a “low level” penetration testing guide that describes techniques for testing the most common web application and web service security issues. Today the Testing Guide is the standard to perform Web Application Penetration Testing, and many companies around the world have adopted it. It is vital to maintain an updated project that represents the state of the art for WebAppSec.

The aim of the Working Session is to discuss the scope and content of OWASP Testing Guide v5.

Main goals

  • Review all the sections in v4,
  • Align the project with the ASVS and OWASP Top 10 vulnerabilities
  • Create a more readable guide, eliminating some sections that are not useful
  • Insert new testing techniques
  • Rationalize some sections as Session Management Testing,
  • Create a new section: Client side security and Firefox extensions testing

Project v5 Deadlines:

  • 21st March 2017: Setup the team of authors
  • 22th March 2017: Start a brainstorming for the new index starting from “Release Description”
  • 15th April 2017: Create the new index and confirm new team
  • 15th May 2017: Start writing articles first phase
  • 12-16 June 2017: OWASP Summit TGv5 review and brainstorming
  • 17th June 2017: Start writing articles II phase
  • 1st October 2017: Start the second review phase
  • 15th November 2017: Create the RC1
  • 15th January 2017: Release version 5


The target audience for this Working Session is:

Related Working Session(s)

Back to list of all Working Sessions and Tracks

Edit this page here