[OWASP-TESTING] Got Sidetracked

Daniel Daniel at deeper.co.za
Mon Apr 12 12:58:15 EDT 2004


I'll update it and post a new version tomorrow.


On 12 Apr 2004, at 17:47, Calderon, Juan Carlos ((GE Commercial 
Finance, NonGE)) wrote:

> hey!
>
> Congrats to all, the new flow is cool and the whole thing looks just 
> great!
>
> I have no further comments about the "issues" just a few about the 
> workflow (Dan?)
>
> 1. Some processes, like "try to exploit the vulnerability", are not 
> decision points, so I think the "Yes" flow arrow should not go there.
> 2. "Can you compromise the application with the vulnerability?" is 
> a decision point, so it should be in a rhombus.
> 3. "Is there information leakage?" has 2 "YES" flow arrows.
> 4. "Is the type of information business critical?" has no "NO" flow 
> arrow
> 5. "Have all possible test being executed?" is not "referenced"; 
> IMO the "YES" flow arrow from "Have all attack methods being exhausted 
> and investigated?" should be pointing here.
>
> Cheers
>
> JC
>
> -----Original Message-----
> From: owasp-testing-admin at lists.sourceforge.net
> [mailto:owasp-testing-admin at lists.sourceforge.net]On Behalf Of Glyn
> Geoghegan
> Sent: Sunday, April 11, 2004 9:39 PM
> To: 'Mark Curphey'; owasp-testing at lists.sourceforge.net
> Subject: RE: [OWASP-TESTING] Got Sidetracked
>
>
> Check-in: OWASP web app internet checklist (doc)
> Comments: as before, but with tracked changes.
>
> On the topic of PDF creation: the pictures look shoddy because of the
> image compression used by default in an attempt to reduce the file
> sizes.
>
> In OpenOffice, use the file/export to pdf option and then choose
> 'press quality'.
> In Acrobat, go into the pdf options and turn off the compression and
> image re-rendering options.
>
> Happy Easter!
>
> G
>>
>>> -----Original Message-----
>>> From: Glyn Geoghegan [mailto:glyng at moiler.com]
>>> Sent: 12 April 2004 12:19
>>> To: 'Mark Curphey'; 'owasp-testing at lists.sourceforge.net'
>>> Subject: RE: [OWASP-TESTING] Got Sidetracked
>>>
>>> Check-in: OWASP web app internet checklist (pdf)
>>> Comments: Added Jeff's access control goodies and a couple of
>>> my own.  Reformatted the table.  Some of Jeff's may get more
>>> into the 'how' than was intended for this checklist, but they
>>> are all valid controls so I put them in.  I will also send
>>> over the word doc with tracked changes for any final
>>> editorial decisions.
>>>
>>> G
>>>
>>>> -----Original Message-----
>>>> From: owasp-testing-admin at lists.sourceforge.net
>>>> [mailto:owasp-testing-admin at lists.sourceforge.net] On Behalf
>>>> Of Glyn Geoghegan
>>>> Sent: 12 April 2004 11:08
>>>> To: 'Mark Curphey'; owasp-testing at lists.sourceforge.net
>>>> Subject: RE: [OWASP-TESTING] Got Sidetracked
>>>>
>>>> Checkout: owasp web app internet checklist
>>>> Comments: updating with Jeff's stuff, tweaking the format to
>>>> make it nice and proofing.
>>>>
>>>> G
>>>>
>>>>> -----Original Message-----
>>>>> From: owasp-testing-admin at lists.sourceforge.net
>>>>> [mailto:owasp-testing-admin at lists.sourceforge.net] On Behalf
>>>>> Of Mark Curphey
>>>>> Sent: 12 April 2004 10:23
>>>>> To: owasp-testing at lists.sourceforge.net
>>>>> Subject: [OWASP-TESTING] Got Sidetracked
>>>>>
>>>>> But I have updated the site when it comes back online and set the
>>>>> publication date for 2 weeks. This should give us enough time
>>>>> this week to get any updates and proofread it. Hope that's OK
>>>>> with everyone?
>>>>>
>>>>> Also if anyone can add Jeff's additions and then PDF the file
>>>>> it would be appreciated. When I PDF it the flowchart becomes
>>>>> unreadable.
>>>>>
>>>>> Thanks.
>>>>>
>>>>> Mark Curphey
>>>>> Consulting Director
>>>>> Foundstone, Inc.
>>>>> Strategic Security
>>>>>
>>>>> 949.297.5600 x2070 Tel
>>>>> 781.738.0857 Cell
>>>>> 949.297.5575 Fax
>>>>>
>>>>> http://www.foundstone.com
>>>>>
>>>>> _______________________________________________
>>>>> owasp-testing mailing list
>>>>> owasp-testing at lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/owasp-testing