[Owasp-leaders] [Owasp-testing] OWASP Testing Guide v4: start-up

Mon Jul 19 07:41:49 EDT 2010

Thumbs Up

Sent using BlackBerry® from Orange

-----Original Message-----
From: daniel cuthbert <daniel.cuthbert at owasp.org>
Sender: owasp-leaders-bounces at lists.owasp.org
Date: Mon, 19 Jul 2010 13:33:24 
To: <owasp-leaders at lists.owasp.org>
Reply-To: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] [Owasp-testing] OWASP Testing Guide v4: start-up

Personally this is one reason why individual tools never featured in
version 1 or 2 of the guide. Too many chances for politics. This isn't
a dummies guide to testing, there has to be a level of assumption that
the person doing the testing has his/her own tools for the task. Our
job is to show them the approach, without saying use X over Y as it's
better.

Now in most cases that's possible, but if not, we need to have a
massive disclaimer at the start mentioning how any endorsement of tool
X isn't intended and only shown as an example of how it could be done.

On 19 July 2010 13:19, Paolo Perego <thesp0nge at owasp.org> wrote:
> On Mon, Jul 19, 2010 at 12:13 PM, daniel cuthbert
> <daniel.cuthbert at owasp.org> wrote:
>> But then we are opening ourselves up for crap from suggesting one tool
>> over the other.
> Well, it is true but since we're promoting opensouce software I think
> we can arrange the examples to be written using more than one tool,
> using the ones you (the authors) are more comfortable with.
>
> I think it will add more value to the guide itself
> Just my €0,02 of course
> Paolo
> --
> "... static analysis is fun, again!"
>
> OWASP Orizon project leader, http://github.com/owasp-orizon
> Owasp Italy R&D director
>_______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders