[Owasp-board] Fwd: [Owasp-testing] OSSTMM manual, followup by Pete about OSS

Jeff Williams jeff.williams at owasp.org
Fri Feb 2 17:34:28 UTC 2007

I'm open to the idea, but I want to be absolutely sure that everything that
comes from the collaboration will be open.  I don't want to waste cycles on
making something that won't be fully open and free.  I'd be more comfortable
taking the OSSBLAHBLAHTMM and making it an OWASP standard.





From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Thursday, February 01, 2007 10:41 PM
To: owasp-board at lists.owasp.org
Subject: [Owasp-board] Fwd: [Owasp-testing] OSSTMM manual,followup by Pete
about OSS



---------- Forwarded message ----------
From: Pete Herzog <pete at isecom.org>
Date: Feb 1, 2007 5:23 PM 
Subject: Re: [Owasp-testing] OSSTMM manual, followup by Pete about OSS
To: Dinis Cruz <dinis at ddplus.net>
Cc: "Matteo G.P. Flora" < mf at matteoflora.com <mailto:mf at matteoflora.com> >

Hi Dinis,

I have been giving the collaboration some thought and we think that we
would like to start by combining the OWASP Testing guide 2.0 with the
OSSTMM Data Security Modules so that it would be integrated with the OSSTM. 
   Since we have already been working on a special web app testing edition
of OSSTMM 3, it might be beneficial to use each of our strengths to make
the best version possible.  Would you or OWASP support an endeavor to 
create such a hybrid?


Pete Herzog - Managing Director - pete at isecom.org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.isestorm.org
ISECOM is the OSSTMM Professional Security Tester (OPST),
OSSTMM Professional Security Analyst (OPSA), and Hacker Highschool
Teacher certification authority.

Dinis Cruz wrote:
> Hi Pete thanks for you answers, 
> Regarding the OWASP Testing Guide and the OSSTMM, are you able to
> organize the 2 page comparison? Basically the question to answer in is:
> "what is covered in the OSSTMM that is not covered on (or has better 
> quality than) the OWASP Testing Guide"
> If want to have a look at the guide see
> I am also quite interrested in your research on classifying
> vulnerability types for the OWASP Report Generator
> <http://www.owasp.org/index.php/OWASP_Report_Generator > project where I
> am one of the main developers, can you share some results with us?
> Thanks
> Dinis Cruz
> Chief OWASP Evangelist, Are you a member yet?
> http://www.owasp.org

Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070202/cb0c4ba0/attachment-0002.html>

More information about the Owasp-board mailing list