[OWASP-TESTING] Final pentest checklist

Andrew van der Stock vanderaj at greebo.net
Mon Jul 5 08:58:07 EDT 2004


I've sent Daniel the revised draft and PDF. 

Andrew

-----Original Message-----
From: owasp-testing-admin at lists.sourceforge.net
[mailto:owasp-testing-admin at lists.sourceforge.net] On Behalf Of Daniel
Sent: Monday, 5 July 2004 9:51 PM
To: owasp 
Subject: Re: [OWASP-TESTING] Final pentest checklist

>
> Daniel,
>
Caught in time :0)

I'm going to use the 2002 version as the Jan 2004 is still a draft and I
feel uneasy using a draft version as a reference.


> Just a quick comment, I hope it's not too late.
>
> The NIST 800-30 document is at (version 2002)
> http://csrc.nist.gov/publications/nistpubs/index.html#sp800-30
>
> If you want the January 2004 draft, it's
> http://csrc.nist.gov/publications/drafts/SP800-30-RevA-draft.pdf
>
> (This link will probably expire soon since the deadline for sending
> comments expired on March 20, 2004)
>
> And could you include the title of the NIST document in the footnote
> where you put the link?
> The title is "Risk Management Guide for Information Technology Systems"
>
> ---------
>
> I caught an error in the User Authentication part.
> The item number 10 has errors, Ref. number should be, "OWASP-AUTHN-0010"
> and the objective should be "Ensure that passwords are not _blank_" not
> _black_ :o)
>
> ----
>
> In configuration management I think the objective for "OWASP-CM-003"
> should be changed to, "Ensure that all vendor patches for known
> vulnerabilities are applied."
>
> -----
>
> In the data protection part, OWASP-DP-004, add to objective, "vulnerable
> to the Man-In-The-Middle attack"
>
> --
> Mads Rasmussen, M.Sc.
> Open Communications Security
> www.opencs.com.br
> +55 11 3345 2525
>
>



