[OWASP-TESTING] RE: [OWASP-TESTING] OWASP Testing Project Part 1.doc

Davis, Carl cdavis at fnni.com
Tue Mar 30 21:36:12 EST 2004


Gentlemen,
 
By my count (latest draft sent out) we currently have a total of 11
Principles.  I would like to suggest chucking "The Devil is in the Details"
heading and redistributing the current sub-bullets to other 'Principles' as
follows if there are no objections:
 

- Weed out false positives > Use the Right Tools
- Thoroughly explore logic in an attempt to expose flaws > Use The Source Code When Possible
- Look for discrete vulnerabilities > Use The Source Code When Possible
- Become intimate with the application > Know Thy Target
- Evaluate every aspect > Know Thy Target

 

 

Below is the current list of Principles:

 

- There is No Silver Bullet
- Think Strategically, Not Tactically
- The SDLC is King
- Test Early and Test Often
- Understand the Scope
- Mindset
- Know Thy Target
- Use the Right Tools
- The Devil is in the Details
- Use The Source Code When Possible
- Develop Metrics

 

 

Proposed List:

 

- There is No Silver Bullet
- Think Strategically, Not Tactically
- The SDLC is King
- Test Early and Test Often
- Understand the Scope
- Mindset
- Know Thy Target
- Use the Right Tools
- Use The Source Code When Possible
- Develop Metrics

 

 

- Carl

 

         

-----Original Message----- 
From: Mark Curphey [mailto:mark.curphey at foundstone.com] 
Sent: Tue 3/30/2004 8:56 AM 
To: owasp-testing at lists.sourceforge.net 
Cc: 
Subject: [OWASP-TESTING] OWASP Testing Project Part 1.doc




This should flow better as per Jeff's comments. I will complete the 
Threat Modeling section later today. 

Mark 
 <<OWASP Testing Project Part 1.doc>> 
