[OWASP-TESTING] Notes on Testing

Ivan Arce ivan.arce at corest.com
Tue Dec 10 15:35:53 EST 2002


 Certainly! I was just playing devil's advocate, 
as long as we discuss the pros and cons of each
approach and provide enough information to the reader
to make an adequate choice we will be fine, in fact
we should not go much futher than that, what is 
adequate for one wont be acceptable or feasible for
some others.

Personally I consider more important to test in
a real environment (qa, pre-prod, whatever) with
everything 'connected' and fake data (or real-like)
than testing with real data in the vacum.

But I think we will be soon getting to the fine grained 
details that are not so relevant for the document itself.

-ivan


---
Perscriptio in manibus tabellariorum est
Noli me vocare, ego te vocabo

Ivan Arce
CTO
CORE SECURITY TECHNOLOGIES

44 Wall Street - New York, NY 10005
Ph: (212) 461-2345
Fax: (212) 461-2346
http://www.corest.com

PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A


> -----Original Message-----
> From: owasp-testing-admin at lists.sourceforge.net
> [mailto:owasp-testing-admin at lists.sourceforge.net]On Behalf Of Mark
> Curphey
> Sent: Monday, December 09, 2002 11:49 PM
> To: Nick Randolph
> Cc: owasp-testing at lists.sourceforge.net
> Subject: RE: [OWASP-TESTING] Notes on Testing
> 
> 
> I think there is the issue of production, pre-prod and QA systems
> environments that also have an effect on the discussion though. If you
> have pre-prod and QA you wouldn't need to take a system offline.  
> 
> In some large US financials you are absolutely not allowed to test with
> real data.
> 
> I suggest we discuss the pros and cons of all thew approaches and offer
> a balanced view. 
> 
> Seem sensible ?
> 





More information about the Owasp-testing mailing list