[OWASP-TESTING] phase I, pre-release

Javier Fernandez-Sanguino jfernandez at germinus.com
Tue Nov 16 10:13:22 EST 2004

Daniel wrote:
> Hi All,
> Attached is, what i feel, is the closest we will get for the final release
> of Phase One.
> PLEASE, if you have time by COB friday 19th nov, could you look at it and
> contribute any final changes you feel should be done.

Attached is a version including:

- the changes I suggested in Message-ID: 
<4129E914.2010205 at germinus.com> and provided in 
<41764521.7030308 at germinus.com>
Nobody commented on them (either saying they were ok or not ok). IMHO 
they improve the text (but they probably need reviewing by a native 

- date change (July -> November)

- a note about the consequences of insecure _web_ applications (in 
order to focus the text, sometimes it is too generic and applies to 
any application wether it's web related or not)

- a disadvantage of source code review and advantage of pentest

- a comment about focused pentesting advantages

- fixed a reference in "Phase 2D: Create and Review Threat Models" 
(the reference included the whole "Manual Inspection & Reviews" 
paragraph text instead of just the title)

- Fixed book names, added publishers and ISBN numbers to all books.

Hopefully this time they will make it to the final release.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: the owasp testing project1 - pre-rel-jfs.doc
Type: application/msword
Size: 376320 bytes
Desc: not available
Url : http://lists.owasp.org/pipermail/owasp-testing/attachments/20041116/1f161324/attachment.doc 

More information about the Owasp-testing mailing list