[OWASP-TESTING] final draft of the outline

Sebastien Deleersnyder sdl at ascure.com
Wed May 4 01:42:28 EDT 2005


Hey,

Looks nice,
Maybe some things to add:
1) Clear definition of audit/assessment/penetration testing 
2) How to split up an application test into manageable network pentest /
assessment / system assessment / service assessments / application
testing ...
3) A section on reporting. We have good experience splitting reports up
into 
* technically detailed reports per test as first level of reporting, 
* then creating one detailed audit report grouping the findings,
analysis and recommendations together with some risk rating 
* and one management document with some nice color graphs and 1 page
summary

Regards,

Sebastien

-----Original Message-----
From: owasp-testing-admin at lists.sourceforge.net
[mailto:owasp-testing-admin at lists.sourceforge.net] On Behalf Of Daniel
Cuthbert
Sent: woensdag 4 mei 2005 2:07
To: owasp-testing at lists.sourceforge.net
Subject: [OWASP-TESTING] final draft of the outline

hey all,

Attached is, what i feel, the final draft of the initial outline.
If everyone is happy with what is included, i'll spend the remainder of
this week creating the sections in which everyone can choose their
chosen topic.

Obviously the basic penetration testing tips caused an interesting
discussion, i'll have a think about the future of them within the
testing guide.

Look forward to your feedback

Daniel





More information about the Owasp-testing mailing list