[OWASP-TESTING] Updated Master Draft

Mark Curphey mark.curphey at foundstone.com
Mon Mar 15 23:25:01 EST 2004


OK Gents

As always I would love to have had more time on this today than I did
but it is moving again. I will complete more tomorrow (and later
tonight) but I wanted to send out an update.

I am not sure about you but I like to work by creating the headings and
then filling in the details when the big picture is good. I am starting
to really like the flow we have now. 

Responsibilities are:

Chapter 1 - MC
Chapter 2 - ?
Chapter 3 - JC
Chapter 4 - MC (done but not added or formatted)
Chapter 5 - CD
Chapter 6 - MC
Appendix A - ?
Appendix B - ?

For the two appendices, I think the aim is to focus on quality rather
than list every book, paper or tool we can find.

Let me know if you want to take on 2 or the Appendices. 

Also there are big holes in Chapter 3 i.e. no pen testing overview or
documentation / design testing overview.

Of the source code section in there today, my personal thoughts are it
is bordering on the how (i.e. prescribing things to test for) rather
than describing the process. Thoughts?

Lots more to come tomorrow.


Chapter 1 - Introduction
	About OWASP
	About the OWASP Testing Project
	The Economics of Insecure Software
	OWASP Testing Project Parts 1 and 2
	How to Use this Document
	Feedback and Comments
Chapter 2 - The Scope of Testing
Chapter 3 - Testing Techniques Explained
	Documentation Reviews
	Source Code Review
	Penetration Testing
Chapter 4 - Which Techniques Should You Use At Which Phase in Your SDLC?
Chapter 5 - Ten Testing Principles
Chapter 6 - The OWASP Testing Framework Explained
	Testing the Requirements
	Testing the Design
	Testing Development
	Testing Deployment
	A Typical SDLC Testing Workflow
Appendix A - Testing Tools
	Source Code Analyzers
	Black Box Scanners
	Other Tools
Appendix B - Suggested Further Reading
	Whitepapers
	Books
	Articles

Mark Curphey
Consulting Director
Foundstone, Inc.
Strategic Security

949.297.5600 x2070 Tel 
781.738.0857 Cell
949.297.5575 Fax 

http://www.foundstone.com 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OWASP Testing Project Part 1.doc
Type: application/msword
Size: 90112 bytes
Desc: OWASP Testing Project Part 1.doc
Url : http://lists.owasp.org/pipermail/owasp-testing/attachments/20040315/1708ab1b/attachment.doc 

