[OWASP-TESTING] OWASP Testing Project Part 1.doc

daniel at deeper.co.za daniel at deeper.co.za
Tue Mar 30 09:30:41 EST 2004


Just as a matter of interest, how many active people are there still?

It seems to me like only about 6 or 7.



> Okay...I'm back alive & well.  My recent travels have taken me to Atlanta
> (for the recent WebInspect SPI course - can possibly add some content
> regarding pros/cons of scanners if there is still room and after the
> Principles are done) and then half-way around the globe for an engagement
> where I ran into quite a few time-consuming issues.  Anywho, I have been
> actively working on the 'Principles' all the while and will send out a draft
> of what I have this evening (rain or shine).  I apologize for leaving
> everyone hanging.
>  
>  
> - Carl
> 
> -----Original Message-----
> From: Mark Curphey [mailto:mark.curphey at foundstone.com]
> Sent: Tuesday, March 30, 2004 7:50 AM
> To: Jeff Williams; owasp-testing at lists.sourceforge.net
> Subject: RE: [OWASP-TESTING] OWASP Testing Project Part 1.doc
> 
> 
> I like that. Originally it was in the previous chapter where re-reading I
> now think it belongs. Let me finish it tonight and re-arrange. 
>  
> Principles needs to be upfront as well and finished. Carl David where art
> thou?
>  
> 
> Mark Curphey
> Consulting Director
> Foundstone, Inc.
> Strategic Security
> 
> 949.297.5600 x2070 Tel
> 781.738.0857 Cell
> 949.297.5575 Fax
> 
> http://www.foundstone.com
> 
>  
> 
>   _____  
> 
> From: Jeff Williams [mailto:jeff.williams at aspectsecurity.com] 
> Sent: Tuesday, March 30, 2004 12:45 AM
> To: owasp-testing at lists.sourceforge.net
> Subject: Re: [OWASP-TESTING] OWASP Testing Project Part 1.doc
> 
> 
> Mark,
>  
> Great progress. I have a few structural comments to offer for what they're
> worth.
>  
> As I read the threat modelling section, it occurred to me that it is a bit
> different than the "testing techniques" that it is listed as a peer with.
> It seems to me that all the testing techniques rely on some understanding of
> the security requirements, which in turn are hopefully based on a decent
> understanding of the risk. Do you think it would be useful to pull out the
> parts of that section that are most useful during requirements gathering,
> and change the rest into some sort of design/architecture review?
>  
> I found Chapter 5 - Principles of Testing to be a bit too far down in the
> document for me.  I like to get the principles out early and then develop
> them throughout.  That might just be a style issue though.
>  
> -- Jeff 
> 
> ----- Original Message ----- 
> From: Mark Curphey <mailto:mark.curphey at foundstone.com>  
> To: owasp-testing at lists.sourceforge.net
> <mailto:owasp-testing at lists.sourceforge.net>  
> Sent: Monday, March 29, 2004 11:43 PM
> Subject: [OWASP-TESTING] OWASP Testing Project Part 1.doc
> 
> 
> Updated with a half-completed section on threat modeling. I will
> complete tomorrow and plough on with the other sections.
> 
>  <<OWASP Testing Project Part 1.doc>> 
> 
> 
> 





