[Owasp-leaders] Astyran: The New OWASP Testing Guide - Style over Content

vanderaj vanderaj vanderaj at owasp.org
Sun Aug 26 04:23:32 UTC 2012

Although I agree that this is a reasonable position on the problem (the CN
scheme doesn't need to be perfect or complete), it's important to realise
that there are four use cases for the CN:

Developer Guide
Testing Guide
Code Review Guide
... others

That means we should remove "Testing for..." from the name as it's not
appropriate for 3/4 of the Guides using the CN.

An obvious mistake is actually trying to include every weakness in a
proactive controls document. I will deliberately avoid some of the things
in the Testing Guide as they are not appropriate for the Development Guide.
And vice versa.


On Thu, Aug 23, 2012 at 11:37 PM, Tom Brennan <tomb at owasp.org> wrote:

> Nice blog post - now let's move the ball
> http://blog.astyran.sg/2012/08/the-new-owasp-testing-guide-style-over.html?m=1
> Tom Brennan
> 973-202-0122
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120826/258da59c/attachment.html>

More information about the OWASP-Leaders mailing list