Release v4.1

@github-actions github-actions released this 21 Apr 19:14
· 587 commits to master since this release
b4c7550

Published here: https://owasp.org/www-project-web-security-testing-guide/v41/

- Finish all formatting, image restoration, etc for the MediaWiki to GitHub migration.
- Move identifiers from file names/headings into the document content.
- Shorten identifiers to 4-character category codes and 2-digit numbers.
- Revise and relocate ORM Injection into SQL Injection section.
- Simplify numbering of all content/assets.
- Various grammar and typo fixes throughout.
- All headings now use Title Caps.
- Add Host Header attacks section.
- Add Subdomain Takeover section.
- Add Cloud Storage section.
- Add Client Side SQLi section.
- Rewrote Cookie Testing section, adding SameSite Cookies and Cookie Prefix info.
- Rewrote Format String section.
- Fix all broken links.
- Replace various images in sections 2, 3, and 4.
- Revise Browser Cache Weakness section, including new screenshots and details for modern browsers and mobile considerations.
- Revise Client Side Storage section.
- Revise Search Engine Discovery and Recon section.
- Revise Fingerprint Web Server section.
- Revise CSRF section, and add JSON CSRF info.
- Revise password policy guidance.
- Revise web backdoors content to not be detected/blocked/removed by Windows Defender.
- Revise Remember Password section.
- Improve Identify Application Entry Points section.
- Add references and 3rd example to Business Logic Data Validation section.
- Clarify passive and active testing.
- Remove unsupported statistics.
- Remove all old www.owasp.org links and update to owasp.org where migration occurred.
- Remove misleading examples using META Cache-Control.
- Tons of typo fixes and acronym capitalization.
- New cover image for PDF.

- Project: Create Contributor Guide, Style Guide, and Content Templates.
- Project: Establish project Code of Conduct.
- Project: Establish @owasp_wstg twitter presence.

- Repo: Add markdown linting.
- Repo: Add link checking.
- Repo: Setup Issue and PR templates.
- Repo: Automate deployment of 'latest' content to owasp.org website.
- Repo: Automate deployment of versioned and stable content to owasp.org website.
- Repo: Automate creation of PDF.

- For future use:
  - Establish a layout plan for v5.
  - Establish release plans and milestones/projects for 4.1, 4.x, and 5.0.

Based on:
* ~260 Pull Requests.
* 3 Google docs for planning and data collection.
* A dozen Hangouts calls across various timezones.
* Innumerable Slack discussions.