[Owasp-leaders] Astyran: The New OWASP Testing Guide - Style over Content

vanderaj vanderaj vanderaj at owasp.org
Sun Aug 26 04:23:32 UTC 2012


Although I agree that this is a reasonable position on the problem (the CN
scheme doesn't need to be perfect or complete), it's important to realise
that there are four use cases for the CN:

Developer Guide
Testing Guide
Code Review Guide
ASVS
... others

That means we should remove "Testing for..." from the name as it's not
appropriate for 3/4 of the Guides using the CN.

An obvious mistake is actually trying to include every weakness in a
proactive controls document. I will deliberately avoid some of the things
in the Testing Guide as they are not appropriate for the Development Guide.
And vice versa.

thanks,
Andrew

On Thu, Aug 23, 2012 at 11:37 PM, Tom Brennan <tomb at owasp.org> wrote:

> Nice blog post - now let's move the ball
>
>
> http://blog.astyran.sg/2012/08/the-new-owasp-testing-guide-style-over.html?m=1
>
>
>
> Tom Brennan
> 973-202-0122
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120826/258da59c/attachment.html>


More information about the OWASP-Leaders mailing list