[OWASP-TESTING] updated: Code Review Section for Testing guide (Draft)

Mark Curphey mark.curphey at foundstone.com
Sun Mar 28 22:44:20 EST 2004


I haven't completed what I planned to this weekend so far. I'll send an
updated draft before Tuesday. Sorry.
-----Original Message-----
From: Calderon, Juan Carlos (GE Commercial Finance, NonGE)
[mailto:juan.calderon at ge.com] 
Sent: Saturday, March 27, 2004 3:26 PM
To: owasp-testing at lists.sourceforge.net
Subject: [OWASP-TESTING] updated: Code Review Section for Testing guide
(Draft)

Hi all

I'm sending my part of the OWASP testing guide, updated.  I've re-read
OWASP guide and the initial and final Drafts Mark sent us and I found I
was wrong in some points. I sould say I was not happy with my first
draft but now I've changed some things for a "positive" point of view
and taking away the "how" it's taking better shape. I could not work on
some parts like advantages and deliverables part, oh well.

Thanks to Mark, Jeff and Javier for your feedback on last draft sent, it
was on great help.

Additionally I have some thoughts

Mark, I think you omitted regulations in the first section of your "A
Typical SDLC Testing Workflow" graphic.

Also I don't know if "OWASP guide" the one to mitigate OWASP Top Ten
(and more than that) and OWASP Testing guide, won't be confused. Don't
know if I'm "crossing the line" saying this, IMHO probably OWASP Guide
should change it's name to something more descriptive, too late
perhaps?.

Well, that's it

Later,
JC





More information about the Owasp-testing mailing list