[OWASP-TESTING] final draft of the outline

Eoin Keary eoinkeary at hotmail.com
Thu May 5 06:14:41 EDT 2005


Is this a "How long is a piece of string" estimate, a guess.
Number of testers * number of days is subjective upon the application size 
and complexity. Administration support to assist in tasks is also a key 
factor. The quality of the data and stability of the application would 
affect time lines also.
If this is a black box we dont know the LOC so we can not estimate that way. 
I do such a thing with code review (7KLoc/day) to give an estimate on 
completion time.
So is putting average time to do a test really useful.
Would it not be better to get the industry average daily cost per 
resource(person)?

Now, Off to walk to dog ;0)
Eoin


>From: "Daniel" <daniel.cuthbert at owasp.org>
>Reply-To: daniel.cuthbert at owasp.org
>To: owasp-testing at lists.sourceforge.net
>Subject: RE: [OWASP-TESTING] final draft of the outline
>Date: Thu, 5 May 2005 04:48:00 -0400 (EDT)
>
>Ok, a small section detailing what an average test should take to complete
>as well as deliverables maybe?
>
>maybe a good way to go is to help people out there distinguish from the
>cowboys offering app testing to the companies/individuals who actually do
>the job correctly
>
>
>Revelli Alberto said:
> > Cost in $$$ can be very fluctuating, I agree.
> > But as long as we stick to a rough estimate in (number_of_testers *
> > test_days), I believe that a few hints could be quite helpful.
> >
> > A.
> >
> >
> > -----Original Message-----
> > From: owasp-testing-admin at lists.sourceforge.net on behalf of Daniel
> > Sent: Wed 5/4/2005 4:55 PM
> > To: owasp-testing at lists.sourceforge.net
> > Subject: Re: [OWASP-TESTING] final draft of the outline
> >
> > I'd like to stay away from the cost factor, as the cost is constantly
> > changing (example, here in the UK, the day rate changes between 1000
> > pounds to 1400 pounds, depending on whom you are dealing with)
> >
> >
> >
> >
> > Simon Roses Femerling said:
> >> Hi all,
> >>
> >> What about cost, project estimation, etc.. ?
> >>
> >> IMO the document should also provide some directions about this matter.
> >> or
> >> is this subject more relevant to
> >> Phase One doc. I know this domain is so vast and dynamic (web servers,
> >> aplication servers, etc..) that is hard to estimate.
> >>
> >> I believe something like OSSTM "Rule of Thumb" would be nice for WAVA,
> >> btw
> >> nice word :)
> >>
> >> Some directions about this subject can be of some benefits, as security
> >> pros
> >> can provide customers with
> >> "real" estimations and customers can get an idea of what to expect of
> >> the
> >> engagement.
> >>
> >> Take care,
> >>
> >> Simon Roses Femerling
> >> Consultor en Seguridad / IT Security Consultant
> >> IT Deusto
> >> http://www.itdeusto.com
> >> Madrid, Spain
> >> ----- Original Message -----
> >> From: "Daniel Cuthbert" <daniel.cuthbert at owasp.org>
> >> To: <owasp-testing at lists.sourceforge.net>
> >> Sent: Wednesday, May 04, 2005 2:06 AM
> >> Subject: [OWASP-TESTING] final draft of the outline
> >>
> >>
> >>> hey all,
> >>>
> >>> Attached is, what i feel, the final draft of the initial outline.
> >>> If everyone is happy with what is included, i'll spend the remainder
> >>> of this week creating the sections in which everyone can choose their
> >>> chosen topic.
> >>>
> >>> Obviously the basic penetration testing tips caused an interesting
> >>> discussion, i'll have a think about the future of them within the
> >>> testing guide.
> >>>
> >>> Look forward to your feedback
> >>>
> >>> Daniel
> >>>
> >>>
> >>
> >>
> >>
> >
> >
> > Daniel
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: NEC IT Guy Games.
> > Get your fingers limbered up and give it your best shot. 4 great events, 
>4
> > opportunities to win big! Highest score wins.NEC IT Guy Games. Play to
> > win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20
> > _______________________________________________
> > owasp-testing mailing list
> > owasp-testing at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/owasp-testing
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: NEC IT Guy Games.
> > Get your fingers limbered up and give it your best shot. 4 great events, 
>4
> > opportunities to win big! Highest score wins.NEC IT Guy Games. Play to
> > win an NEC 61 plasma display. Visit http://www.necitguy.com/?r
> > _______________________________________________
> > owasp-testing mailing list
> > owasp-testing at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/owasp-testing
> >
>
>
>Daniel
>
>
>-------------------------------------------------------
>This SF.Net email is sponsored by: NEC IT Guy Games.
>Get your fingers limbered up and give it your best shot. 4 great events, 4
>opportunities to win big! Highest score wins.NEC IT Guy Games. Play to
>win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20
>_______________________________________________
>owasp-testing mailing list
>owasp-testing at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/owasp-testing

_________________________________________________________________
Send a sexy animated wink with Messenger 7.0 - FREE download! 
http://messenger.msn.co.uk





More information about the Owasp-testing mailing list