[OWASP-TESTING] Testing Guide Security Code Review section (Draft)

Calderon, Juan Carlos (GE Commercial Finance, NonGE) juan.calderon at ge.com
Tue Mar 2 12:36:15 EST 2004

Hi all

Here is my first draft, I have some questions, though. that's why I'm
not sending my definitive outline (some sections could disappear)

1 are we making the scope table and the advantages/disadvantages tables?
how are they going to be defined?
2 I, in the white box testing section I recommend "issue tracking" and
"put in action what you've learned", but it is not supposed to have them
for all testing methods? IMHO it is not a section specific issue but
part of the testing framework.

What do you think?

please provide feedback,


PS I tried to write Web application sensitive points in a why/what/where
form (when applicable) without implicitly writing those words.
-------------- next part --------------
[Filename: Security Code Review testing guide (Part 1).ZIP, Content-Type: application/octet-stream]
This e-Mail had an attachment that was removed in order to meet GE Security guidelines.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2074 bytes
Desc: not available
Url : http://lists.owasp.org/pipermail/owasp-testing/attachments/20040302/98500d3f/attachment.bin 

More information about the Owasp-testing mailing list