[OWASP-TESTING] OWASP Testing Project Part 1.doc

Jeff Williams jeff.williams at aspectsecurity.com
Tue Mar 30 00:45:00 EST 2004


Mark,

Great progress. I have a few structural comments to offer for what they're worth.

As I read the threat modelling section, it occurred to me that it is a bit different than the "testing techniques" that it is listed as a peer with. It seems to me that all the testing techniques rely on some understanding of the security requirements, which in turn are hopefully based on a decent understanding of the risk. Do you think it would be useful to pull out the parts of that section that are most useful during requirements gathering, and change the rest into some sort of design/architecture review?

I found Chapter 5 - Principles of Testing to be a bit too far down in the document for me.  I like to get the principles out early and then develop them throughout.  That might just be a style issue though.

--Jeff 
  ----- Original Message ----- 
  From: Mark Curphey 
  To: owasp-testing at lists.sourceforge.net 
  Sent: Monday, March 29, 2004 11:43 PM
  Subject: [OWASP-TESTING] OWASP Testing Project Part 1.doc



  Updated with a half completed section on threat modeling. I will
  complete tomorrow and plough on with the other sections. 

   <<OWASP Testing Project Part 1.doc>> 