The speech goal is to show the OWASP testing methodology and how you can implement a software development lifecycle that permit to develop more secure applications. The Open Web Application Security Project (OWASP) wants to deliver free tools and documentation for the Web Application Security. The talk will present the new OWASP Testing Guide v3 that includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues. OWASP Testing Guide v3 is a 349 page book; we have split the set of active tests in 9 sub-categories for a total of 66 controls to test during the Web Application Testing activity. FOSDEM (Free and Open Source Development European Meeting) is a European event centered around Free and Open Source software development. It is aimed at developers and all interested in the Free and Open Source news in the world. Its goals are to enable developers to meet and to promote the awareness and use of free and open source software.