[Owasp-testing] Template for the OWASP Testing Guide v3
Calderon, Juan Carlos (GE, Corporate, consultant)
juan.calderon at ge.com
Tue May 27 13:47:58 EDT 2008
Yeah definitely, very controversial
Why not?
Vendors tend to use whatever they see to do marketing on their product,
so you should be 100%, 200% or 1000% sure to make clear OWASP is not
endorsing in any way their product.
Why yes?
To be unbiased, I think as well you should mention them, as there are
people willing to know what else is there beyond the open source
horizon.
Note: you can always use a hard to read color and small font for
commercial ones :P (just kidding)
Regards,
Juan Carlos Calderon
________________________________
From: owasp-testing-bounces at lists.owasp.org
[mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Daniel
Cuthbert
Sent: Tuesday, May 27, 2008 11:20 a.m.
To: Dave van Stein
Cc: owasp-testing
Subject: Re: [Owasp-testing] Template for the OWASP Testing Guide v3
As I said, shark infested waters :0)
On 27 May 2008, at 6:18 PM, Dave van Stein wrote:
Or just do not talk at all about pros and cons in the case of
commercial products?
We can always use their non-GNU status as an excuse :)
2008/5/27 Daniel Cuthbert <daniel.cuthbert at owasp.org>:
Agreed but these are shark infested waters :)
I never had any issues referencing them in previous
versions, as long as we offer the pros and cons of both
On 27 May 2008, at 6:03 PM, Dave van Stein wrote:
Personally I think if we want to be absolutely
unbiased we should mention commercial tools. Of course we do not have
to go into details on what every tool is capable of, but if, for example,
a chapter deals with automated vulnerability scanners, products of HP,
IBM, Acunetix and others should at least be mentioned to exist.
But, of course, that is just my opinion :)
2008/5/27 Matteo Meucci <matteo.meucci at gmail.com>:
Hi Kevin,
sure we would not like to promote any commercial tools.
Do you mean to create 2 separate tool indexes? One for commercial and
one for open source? We usually suggest only open source tools.
Look for example at the following:
https://www.owasp.org/index.php/Testing_for_SQL_Injection
Mat
On Tue, May 27, 2008 at 3:31 PM, kevin horvath <kevin.horvath at gmail.com> wrote:
> Matt,
>
> The format looks good to me. One suggestion is to change the "Tools"
> subsection to "Type of Tools" so that we are not seen as promoting any
> certain tools such as commercial type tools or open source tools
> which may have been backdoored. For example we could say "Web proxy
> or browser plugin", unless OWASP has a tool for it in which it could
> go like this, "Web proxy such as Webscarab or a browser plug-in".
> Just want to make sure we are still seen as unbiased and not seen as
> promoting any commercial vendor.
>
>
> Kevin
>
> On Sun, May 25, 2008 at 6:46 PM, Matteo Meucci <matteo.meucci at gmail.com> wrote:
>> Hi all,
>> does it fit for you the following template for each paragraph?
>>
>> https://www.owasp.org/index.php/Template_Paragraph_Testing_v3
>>
>> That is the old Template for the OWASP Testing Guide v2, I think it
>> should work also for this new version.
>>
>> Mat
>>
>> _______________________________________________
>> Owasp-testing mailing list
>> Owasp-testing at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>
>
--
Matteo Meucci
OWASP-Italy Chair, CISSP, CISA
http://www.owasp.org/index.php/Italy
OWASP Testing Guide lead
http://www.owasp.org/index.php/Testing_Guide
_______________________________________________
Owasp-testing mailing list
Owasp-testing at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-testing