[Owasp-leaders] [Owasp-testing] OWASP Testing Guide v4: start-up

[daniel cuthbert]

"IMHO, I think this thread his diverting from the original Matteo's intention.
Matt, count on me as technical reviewer of the doc"

No actually it's debating his request to use O2 as a method for test
cases for each issue, hardly diverting away.


On 19 July 2010 13:45, Paolo Perego <thesp0nge at owasp.org> wrote:
> On Mon, Jul 19, 2010 at 1:33 PM, daniel cuthbert
> <daniel.cuthbert at owasp.org> wrote:
>> Personally this is one reason why individual tools never featured in
>> version 1 or 2 of the guide. Too many chances for politics. This isn't
> Well Daniel, I don't think saying "you can use nmap this way or
> webscarab the other way" would lead to have "polical issues" nor
> saying we are endorsing such tools because they are the *ONES*.
>
> We can also choose to mention only owasp tools where available.
> So we solve the political issue.
>
>> a dummies guide to testing, there has to be a level of assumption that
>> the person doing the testing has his/her own tools for the task. Our
> Well I can't see the problem here. If an experienced user, uses tool X
> as HTTP Proxy will continue using X to do its tasks also if you use
> Webscarab in the example.
>
>> job is to show them the approach, without saying use X over Y as it's
>> better.
> I'm missing this point. Saying "you can perform this test using X , Y
> and Z this way" is different (at least for me) that saying "K and J
> tools are worst than X, Y and Z".
>
> IMHO, I think this thread his diverting from the original Matteo's intention.
> Matt, count on me as technical reviewer of the doc.
>
> Paolo
> --
> "... static analysis is fun, again!"
>
> OWASP Orizon project leader, http://github.com/owasp-orizon
> Owasp Italy R&D director
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>