Security Testing Manuals

Creating software is hard. Testing for security risks is even harder. So make use of good open testing guides.

OWASP Application Security Verification Standard

The standard provides a basis for designing, building, and testing technical application security controls, including architectural concerns, secure development lifecycle, threat modelling, agile security including continuous integration / deployment, serverless, and configuration concerns. See the latest version in the git repository: OWASP/ASVS. Or download the PDF from the project main page: https://owasp.org/www-project-application-security-verification-standard/

OWASP Mobile Security Testing Guide

The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering. See: https://mobile-security.gitbook.io/mobile-security-testing-guide/overview/0x03-overview

OpenSSL: X.509 errors

A great guide to improve understanding of X.509 errors.

A must-read and must-know for everyone who claims to be capable of configuring and maintaining TLS. In reality, almost no one knows and understands all aspects of TLS in depth.

Check the guides: OpenSSL: X.509 errors.

Mission of this project

Simplify the ecosystem by consolidating the errors and their documentation (similarly to web documentation) and better explaining what the validation errors mean.

Check also the code repository and the readme.