[OWASP-TESTING] OWASP Testing Project V1.0 - Chapter 3 - The Testing Framework Explained.doc

Glyn glyng at moiler.com
Sat Feb 28 21:41:19 EST 2004


Looks good.

I think there is a place for black-box testing alongside code reviews during
development too.

For example, this can include testing the data interfaces of discrete
application components as they are developed, analysing their interaction
and the traffic flow.  

This ultimately leads on to deployment testing which is often focussed more
on the application's interaction with end users than interaction within
itself.

Our testing typically loops through the intended operation of the
app/component, its actual behaviour, and its impact on security as a whole.

Glyn.

> -----Original Message-----
> From: owasp-testing-admin at lists.sourceforge.net 
> [mailto:owasp-testing-admin at lists.sourceforge.net] On Behalf 
> Of Mark Curphey
> Sent: 29 February 2004 01:32
> To: owasp-testing at lists.sourceforge.net
> Subject: [OWASP-TESTING] OWASP Testing Project V1.0 - Chapter 
> 3 - The Testing Framework Explained.doc
> 
> I was thinking of something like this for the Framework 
> Chapter itself.
> What do you think ?
> 
> Essentially presenting a generic SDLC and highlighting 
> activities that could / should be carried out at each stage 
> in the dev process. 
> 
> Does this make sense?
> 
> If so I will fill in the text tonight....
> 
> Damn now its out that I am late as well ;-)  <<OWASP Testing 
> Project V1.0 - Chapter 3 - The Testing Framework Explained.doc>> 
> 





More information about the Owasp-testing mailing list