[OWASP-TESTING] "positive" approach

Calderon, Juan Carlos (GE Commercial Finance, NonGE) juan.calderon at ge.com
Wed Jul 14 18:37:40 EDT 2004


Just my two cents

IMHO "positive" approaches are better than "negative" ones; please use them while building this guide. For example, suggest tests to confirm proper session handling, not to look for session hijack problems.

The security community is full of these kinds of "negative" approaches (always looking for bad implementations). Let's make this guide different by teaching how to look for proper implementations and letting people learn how to implement a solution, rather than how to avoid all kinds of problems.

I hope I could show my point.

Best regards

_Juan C Calderon_



