[Owasp-common-numbering] [Owasp-testing] Test Guide changes

Colin Watson colin.watson at owasp.org
Wed Jun 19 12:02:27 UTC 2013


Andrew (and cross-posted to common numbering project)

On 19 June 2013 12:10, Andrew Muller <andrew.muller at owasp.org> wrote:
> It's not detailed, and it doesn't include some of the categories we've
> included in the Test Guide, but the body of it is captured at
> https://www.owasp.org/index.php/OWASP_Common_Numbering_Project

I provided some feedback on the idea. I think there was some non-list
discussion, but some thoughts are in these archived messages:

  http://lists.owasp.org/pipermail/owasp-common-numbering/2012-July/thread.html

Since then I have had to cross-reference another project with the SCP
Quick Reference Guide, and instead of trying to group each statement
in any way, I simply numbered them OWASP-0001 to OWASP-0250. I suppose
they ought to be OCR-0001 etc.

   http://lists.owasp.org/pipermail/owasp-common-numbering/2013-May/000005.html

I am in the process of cross-referencing these to ASVS, OT10 and
CAPEC, and was going to do it to the Testing Guide v3 codes. I was
also going to think how we can add relationships like "more specific
than" like a thesaurus so that the order and level of detail does not
matter. The XML format doesn't matter at the moment, it can be
altered, but it is then transformable into other layouts.

I have found my discussion document (attached) from March 2011 i.e.
the testing guide can use whatever structure and numbering it wants,
and externalise the cross-referencing (e.g. to the SCPQRG). If anyone
doesn't receive the PDF, email me directly.

Colin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: owasp-numbering-cw.pdf
Type: application/pdf
Size: 971421 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-common-numbering/attachments/20130619/6bf8e048/attachment-0001.pdf>

