[OWASP-TESTING] OWASP Testing Project Part 1.doc

Glyn Geoghegan glyng at moiler.com
Tue Mar 30 17:16:30 EST 2004


I'm still here.  Will have more time to spend on part 2. 

> -----Original Message-----
> From: owasp-testing-admin at lists.sourceforge.net
> [mailto:owasp-testing-admin at lists.sourceforge.net] On Behalf Of daniel at deeper.co.za
> Sent: 31 March 2004 00:31
> To: owasp-testing at lists.sourceforge.net
> Subject: RE: [OWASP-TESTING] OWASP Testing Project Part 1.doc
> 
> just as a matter of interest, how many active people are there still?
> 
> it seems to me like only about 6 or 7
> 
> 
> 
> > Okay...I'm back alive & well.  My recent travels have taken me to Atlanta
> > (for the recent WebInspect SPI course - can possibly add some content
> > regarding pros/cons of scanners if there is still room and after the
> > Principles are done) and then half-way around the globe for an engagement
> > where I ran into quite a few time-consuming issues.  Anywho, I have been
> > actively working on the 'Principles' all the while and will send out a draft
> > of what I have this evening (rain or shine).  I apologize for leaving
> > everyone hanging.
> >  
> >  
> > - Carl
> > 
> > -----Original Message-----
> > From: Mark Curphey [mailto:mark.curphey at foundstone.com]
> > Sent: Tuesday, March 30, 2004 7:50 AM
> > To: Jeff Williams; owasp-testing at lists.sourceforge.net
> > Subject: RE: [OWASP-TESTING] OWASP Testing Project Part 1.doc
> > 
> > 
> > I like that. Originally it was in the previous chapter where re-reading I
> > now think it belongs. Let me finish it tonight and re-arrange.
> >
> > Principles needs to be upfront as well and finished. Carl David where art
> > thou?
> >  
> > 
> > Mark Curphey
> > Consulting Director
> > Foundstone, Inc.
> > Strategic Security
> > 
> > 949.297.5600 x2070 Tel
> > 781.738.0857 Cell
> > 949.297.5575 Fax
> > 
> > http://www.foundstone.com
> > 
> > 
> >   _____  
> > 
> > From: Jeff Williams [mailto:jeff.williams at aspectsecurity.com] 
> > Sent: Tuesday, March 30, 2004 12:45 AM
> > To: owasp-testing at lists.sourceforge.net
> > Subject: Re: [OWASP-TESTING] OWASP Testing Project Part 1.doc
> > 
> > 
> > Mark,
> >  
> > Great progress. I have a few structural comments to offer for what they're
> > worth.
> >
> > As I read the threat modelling section, it occurred to me that it is a bit
> > different than the "testing techniques" that it is listed as a peer with.
> > It seems to me that all the testing techniques rely on some understanding of
> > the security requirements, which in turn are hopefully based on a decent
> > understanding of the risk. Do you think it would be useful to pull out the
> > parts of that section that are most useful during requirements gathering,
> > and change the rest into some sort of design/architecture review?
> >
> > I found Chapter 5 - Principles of Testing to be a bit too far down in the
> > document for me.  I like to get the principles out early and then develop
> > them throughout.  That might just be a style issue though.
> >  
> > -- Jeff 
> > 
> > ----- Original Message ----- 
> > From: Mark Curphey <mailto:mark.curphey at foundstone.com>  
> > To: owasp-testing at lists.sourceforge.net
> > <mailto:owasp-testing at lists.sourceforge.net>  
> > Sent: Monday, March 29, 2004 11:43 PM
> > Subject: [OWASP-TESTING] OWASP Testing Project Part 1.doc
> > 
> > 
> > Updated with a half completed section on threat modeling. I will
> > complete tomorrow and plough on with the other sections. 
> > 
> >  <<OWASP Testing Project Part 1.doc>> 
> > 
> > 
> > 
> 
> 
> 
> 




