[OWASP-TESTING] OWASP Testing Project Part 1.doc

Mark Curphey mark.curphey at foundstone.com
Tue Mar 30 08:50:08 EST 2004

I like that. Originally it was in the previous chapter where, re-reading,
I now think it belongs. Let me finish it tonight and re-arrange.
Principles needs to be upfront as well and finished. Carl David where
art thou?

Mark Curphey
Consulting Director
Foundstone, Inc.
Strategic Security

949.297.5600 x2070 Tel
781.738.0857 Cell
949.297.5575 Fax

http://www.foundstone.com



From: Jeff Williams [mailto:jeff.williams at aspectsecurity.com] 
Sent: Tuesday, March 30, 2004 12:45 AM
To: owasp-testing at lists.sourceforge.net
Subject: Re: [OWASP-TESTING] OWASP Testing Project Part 1.doc

Great progress. I have a few structural comments to offer for what
they're worth.
As I read the threat modelling section, it occurred to me that it is a
bit different than the "testing techniques" that it is listed as a peer
with. It seems to me that all the testing techniques rely on some
understanding of the security requirements, which in turn are hopefully
based on a decent understanding of the risk. Do you think it would be
useful to pull out the parts of that section that are most useful during
requirements gathering, and change the rest into some sort of
design/architecture review?
I found Chapter 5 - Principles of Testing to be a bit too far down in
the document for me. I like to get the principles out early and then
develop them throughout. That might just be a style issue though.
-- Jeff 

	----- Original Message ----- 
	From: Mark Curphey <mailto:mark.curphey at foundstone.com>  
	To: owasp-testing at lists.sourceforge.net 
	Sent: Monday, March 29, 2004 11:43 PM
	Subject: [OWASP-TESTING] OWASP Testing Project Part 1.doc

	Updated with a half completed section on threat modeling. I will
	complete tomorrow and plough on with the other sections. 
	 <<OWASP Testing Project Part 1.doc>> 
