[OWASP-TESTING] RE: [OWASP-TESTING] OWASP Testing Project Part 1.doc

Mark Curphey mark at curphey.com
Tue Mar 30 21:45:23 EST 2004


 Works for me. Feel free to edit the last draft I sent out. I won't be touching it for the next 18 hours.
 
Davis, Carl <cdavis at fnni.com> wrote:

Gentlemen,

By my count (latest draft sent out) we currently have a total of 11 Principles. I would like to suggest chucking "The Devil is in the Details" heading and redistributing the current sub-bullets to other 'Principles' as follows if there are no objections:

- Weed out false positives > Use the Right Tools
- Thoroughly explore logic in an attempt to expose flaws > Use The Source Code When Possible
- Look for discrete vulnerabilities > Use The Source Code When Possible
- Become intimate with the application > Know Thy Target
- Evaluate every aspect > Know Thy Target

Below is the current list of Principles:

There is No Silver Bullet
Think Strategically, Not Tactically
The SDLC is King
Test Early and Test Often
Understand the Scope
Mindset
Know Thy Target
Use the Right Tools
The Devil is in the Details
Use The Source Code When Possible
Develop Metrics

Proposed List:

There is No Silver Bullet
Think Strategically, Not Tactically
The SDLC is King
Test Early and Test Often
Understand the Scope
Mindset
Know Thy Target
Use the Right Tools
Use The Source Code When Possible
Develop Metrics

- Carl

-----Original Message-----
From: Mark Curphey [mailto:mark.curphey at foundstone.com]
Sent: Tue 3/30/2004 8:56 AM
To: owasp-testing at lists.sourceforge.net
Cc:
Subject: [OWASP-TESTING] OWASP Testing Project Part 1.doc

This should flow better as per Jeff's comments. I will complete the Threat Modeling section later today.

Mark

<<OWASP Testing Project Part 1.doc>>