[OWASP-TESTING] Got Sidetracked

Calderon, Juan Carlos (GE Commercial Finance, NonGE) juan.calderon at ge.com
Mon Apr 12 12:47:49 EDT 2004


hey!

Congrats to all, the new flow is cool and the whole thing looks just great!

I have no further comments about the "issues" just a few about the workflow (Dan?)

1. Some processes, like "try to exploit the vulnerability", are not decision points, so I think the "Yes" flow arrow should not go there.
2. "Can you compromise the application with the vulnerability?" is a decision point, so it should be in a rhombus.
3. "Is there information leakage?" has 2 "YES" flow arrows.
4. "Is the type of information business critical?" has no "NO" flow arrow.
5. "Have all possible test being executed?" is not "referenced"; IMO the "YES" flow arrow from "Have all attack methods being exhausted and investigated?" should be pointing here.

Cheers

JC

-----Original Message-----
From: owasp-testing-admin at lists.sourceforge.net
[mailto:owasp-testing-admin at lists.sourceforge.net]On Behalf Of Glyn
Geoghegan
Sent: Sunday, April 11, 2004 9:39 PM
To: 'Mark Curphey'; owasp-testing at lists.sourceforge.net
Subject: RE: [OWASP-TESTING] Got Sidetracked


Check-in: OWASP web app internet checklist (doc)
Comments: as before, but with tracked changes.

On the topic of PDF creation: The reason the pictures look shoddy is the
image compression used by default in an attempt to reduce the file sizes.

In OpenOffice, use the File/Export to PDF option and then choose 'press
quality'.
In Acrobat, go into the PDF options and turn off the compression and image
re-rendering options.
 
Happy Easter!

G
> 
> > -----Original Message-----
> > From: Glyn Geoghegan [mailto:glyng at moiler.com] 
> > Sent: 12 April 2004 12:19
> > To: 'Mark Curphey'; 'owasp-testing at lists.sourceforge.net'
> > Subject: RE: [OWASP-TESTING] Got Sidetracked
> > 
> > Check-in: OWASP web app internet checklist (pdf)
> > Comments: Added Jeff's access control goodies and a couple of 
> > my own.  Reformatted the table.  Some of Jeff's may get more 
> > into the 'how' than was intended for this checklist, but they 
> > are all valid controls so I put them in.  I will also send 
> > over the word doc with tracked changes for any final 
> > editorial decisions.
> > 
> > G
> > 
> > > -----Original Message-----
> > > From: owasp-testing-admin at lists.sourceforge.net 
> > > [mailto:owasp-testing-admin at lists.sourceforge.net] On Behalf 
> > > Of Glyn Geoghegan
> > > Sent: 12 April 2004 11:08
> > > To: 'Mark Curphey'; owasp-testing at lists.sourceforge.net
> > > Subject: RE: [OWASP-TESTING] Got Sidetracked
> > > 
> > > Checkout: owasp web app internet checklist
> > > Comments: updating with Jeff's stuff, tweaking the format to 
> > > make it nice
> > > and proofing.
> > > 
> > > G 
> > > 
> > > > -----Original Message-----
> > > > From: owasp-testing-admin at lists.sourceforge.net 
> > > > [mailto:owasp-testing-admin at lists.sourceforge.net] On Behalf 
> > > > Of Mark Curphey
> > > > Sent: 12 April 2004 10:23
> > > > To: owasp-testing at lists.sourceforge.net
> > > > Subject: [OWASP-TESTING] Got Sidetracked
> > > > 
> > > > But I have updated the site when it comes back online and set the
> > > > publication date for 2 weeks. This should give us enough time
> > > > this week to get any updates and proof read it. Hope that's OK with
> > > > everyone?
> > > > 
> > > > Also if anyone can add Jeffs additions and then PDF the file 
> > > > it would be
> > > > appreciated. When I PDF it the flowchart becomes unreadable.
> > > > 
> > > > Thanks.
> > > > 
> > > > Mark Curphey
> > > > Consulting Director
> > > > Foundstone, Inc.
> > > > Strategic Security
> > > > 
> > > > 949.297.5600 x2070 Tel 
> > > > 781.738.0857 Cell
> > > > 949.297.5575 Fax 
> > > > 
> > > > http://www.foundstone.com 
> > > > 
> > > > This email may contain confidential and privileged information for the
> > > > sole use of the intended recipient. Any review or distribution by others
> > > > is strictly prohibited. If you are not the intended recipient, please
> > > > contact the sender and delete all copies of this message. Thank you.
> > > > 
> > > > 
> > > > -------------------------------------------------------
> > > > This SF.Net email is sponsored by: IBM Linux Tutorials
> > > > Free Linux tutorial presented by Daniel Robbins, President and CEO of
> > > > GenToo technologies. Learn everything from fundamentals to system
> > > > administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=ick
> > > > _______________________________________________
> > > > owasp-testing mailing list
> > > > owasp-testing at lists.sourceforge.net
> > > > https://lists.sourceforge.net/lists/listinfo/owasp-testing
> > > 
> > > 
> > > 



