[OWASP-TESTING] final draft of the outline

Daniel Cuthbert daniel.cuthbert at owasp.org
Wed May 4 03:13:54 EDT 2005


> 1) Clear definition of audit/assessment/penetration testing
Definitely, this needs to be in there, as I think there is still a
large amount of confusion surrounding these terms.

> 2) How to split up an application test into manageable network pentest /
> assessment / system assessment / service assessments / application
> testing ...

That would be a good section to add.

> 3) A section on reporting. We have good experience splitting reports up
> into

This slipped my mind and should have made it to the document; that
will teach me to do stuff at 1am.

On 4 May 2005, at 06:42, Sebastien Deleersnyder wrote:

> Hey,
>
> Looks nice,
> Maybe some things to add:
> 1) Clear definition of audit/assessment/penetration testing
> 2) How to split up an application test into manageable network pentest /
> assessment / system assessment / service assessments / application
> testing ...
> 3) A section on reporting. We have good experience splitting reports up
> into
> * technically detailed reports per test as first level of reporting,
> * then creating one detailed audit report grouping the findings,
> analysis and recommendations together with some risk rating
> * and one management document with some nice color graphs and 1 page
> summary
>
> Regards,
>
> Sebastien
>
> -----Original Message-----
> From: owasp-testing-admin at lists.sourceforge.net
> [mailto:owasp-testing-admin at lists.sourceforge.net] On Behalf Of Daniel
> Cuthbert
> Sent: Wednesday 4 May 2005 2:07
> To: owasp-testing at lists.sourceforge.net
> Subject: [OWASP-TESTING] final draft of the outline
>
> hey all,
>
> Attached is, what I feel, the final draft of the initial outline.
> If everyone is happy with what is included, I'll spend the remainder of
> this week creating the sections in which everyone can choose their
> chosen topic.
>
> Obviously the basic penetration testing tips caused an interesting
> discussion; I'll have a think about the future of them within the
> testing guide.
>
> Look forward to your feedback
>
> Daniel
>
>
>




