[Owasp-leaders] [Owasp-testing] OWASP Testing Guide v4: start-up
Stephen de Vries
stephen at twisteddelight.org
Mon Jul 19 07:59:48 EDT 2010
On Jul 19, 2010, at 1:55 PM, Paolo Perego wrote:
> Well we were talking from the wide adoption to general opensource
> tools that is a bit different that using O2 as reference platform.
> Indeed, I make my statement. To me using O2 as live example can give
> the project a broader audience and forcing (but I don't think this is
> the case) Dinis to cover the widest testing guide spectrum improving
> the number of performed tests.
I think the testing guide should remain high level, once we start using specific tools it becomes too implementation dependent. It would be easy to simply use generic terms instead of specific ones, e.g. "intercept the request" instead of "intercept the request with webscarab".
Having the O2 platform implement testing guide tests is a great idea, but that should be done from the o2 project, not the testing guide, IMO. I'd like to see the guide remain high level and implementation independent.
More information about the OWASP-Leaders