[OWASP-TESTING] final draft of the outline

Daniel daniel.cuthbert at owasp.org
Thu May 5 04:48:00 EDT 2005


Ok, a small section detailing what an average test should take to complete
as well as deliverables maybe?

maybe a good way to go is to help people out there distinguish from the
cowboys offering app testing to the companies/individuals who actually do
the job correctly


Revelli Alberto said:
> Cost in $$$ can be very fluctuating, I agree.
> But as long as we stick to a rough estimate in (number_of_testers *
> test_days), I believe that a few hints could be quite helpful.
>
> A.
>
>
> -----Original Message-----
> From: owasp-testing-admin at lists.sourceforge.net on behalf of Daniel
> Sent: Wed 5/4/2005 4:55 PM
> To: owasp-testing at lists.sourceforge.net
> Subject: Re: [OWASP-TESTING] final draft of the outline
>
> I'd like to stay away from the cost factor, as the cost is constantly
> changing (example, here in the UK, the day rate changes between 1000
> pounds to 1400 pounds, depending on whom you are dealing with)
>
>
>
>
> Simon Roses Femerling said:
>> Hi all,
>>
>> What about cost, project estimation, etc.. ?
>>
>> IMO the document should also provide some directions about this matter.
>> or
>> is this subject more relevant to
>> Phase One doc. I know this domain is so vast and dynamic (web servers,
>> aplication servers, etc..) that is hard to estimate.
>>
>> I believe something like OSSTM "Rule of Thumb" would be nice for WAVA,
>> btw
>> nice word :)
>>
>> Some directions about this subject can be of some benefits, as security
>> pros
>> can provide customers with
>> "real" estimations and customers can get an idea of what to expect of
>> the
>> engagement.
>>
>> Take care,
>>
>> Simon Roses Femerling
>> Consultor en Seguridad / IT Security Consultant
>> IT Deusto
>> http://www.itdeusto.com
>> Madrid, Spain
>> ----- Original Message -----
>> From: "Daniel Cuthbert" <daniel.cuthbert at owasp.org>
>> To: <owasp-testing at lists.sourceforge.net>
>> Sent: Wednesday, May 04, 2005 2:06 AM
>> Subject: [OWASP-TESTING] final draft of the outline
>>
>>
>>> hey all,
>>>
>>> Attached is, what i feel, the final draft of the initial outline.
>>> If everyone is happy with what is included, i'll spend the remainder
>>> of this week creating the sections in which everyone can choose their
>>> chosen topic.
>>>
>>> Obviously the basic penetration testing tips caused an interesting
>>> discussion, i'll have a think about the future of them within the
>>> testing guide.
>>>
>>> Look forward to your feedback
>>>
>>> Daniel
>>>
>>>
>>
>>
>>
>
>
> Daniel
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: NEC IT Guy Games.
> Get your fingers limbered up and give it your best shot. 4 great events, 4
> opportunities to win big! Highest score wins.NEC IT Guy Games. Play to
> win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20
> _______________________________________________
> owasp-testing mailing list
> owasp-testing at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-testing
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: NEC IT Guy Games.
> Get your fingers limbered up and give it your best shot. 4 great events, 4
> opportunities to win big! Highest score wins.NEC IT Guy Games. Play to
> win an NEC 61 plasma display. Visit http://www.necitguy.com/?r
> _______________________________________________
> owasp-testing mailing list
> owasp-testing at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-testing
>


Daniel




More information about the Owasp-testing mailing list