[OWASP-TESTING] final draft of the outline

Daniel daniel.cuthbert at owasp.org
Thu May 5 05:35:52 EDT 2005


True, but a guideline (with a massive caveat stating this isn't set in
concrete blah blah blah) would help companies who have zero understanding
of app testing to understand if they are being taken for a ride.

Ok, how's about I'll write up the section and everyone can review it once
the rest of the sections are finished? We have a large amount of work
still to do and I'd rather we get started than getting slowed down on the
smaller issues.

*mothering moan over, promise :0 *

Eoin Keary said:
> Is this a "How long is a piece of string" estimate, a guess.
> Number of testers * number of days is subjective upon the application size
> and complexity. Administration support to assist in tasks is also a key
> factor. The quality of the data and stability of the application would
> affect time lines also.
> If this is a black box we don't know the LOC so we cannot estimate that
> way.
> I do such a thing with code review (7KLoc/day) to give an estimate on
> completion time.
> So is putting average time to do a test really useful?
> Would it not be better to get the industry average daily cost per
> resource (person)?
>
> Now, off to walk the dog ;0)
> Eoin
>
>
>>From: "Daniel" <daniel.cuthbert at owasp.org>
>>Reply-To: daniel.cuthbert at owasp.org
>>To: owasp-testing at lists.sourceforge.net
>>Subject: RE: [OWASP-TESTING] final draft of the outline
>>Date: Thu, 5 May 2005 04:48:00 -0400 (EDT)
>>
>>Ok, a small section detailing what an average test should take to
>>complete as well as deliverables maybe?
>>
>>Maybe a good way to go is to help people out there distinguish from the
>>cowboys offering app testing to the companies/individuals who actually do
>>the job correctly
>>
>>
>>Revelli Alberto said:
>> > Cost in $$$ can be very fluctuating, I agree.
>> > But as long as we stick to a rough estimate in (number_of_testers *
>> > test_days), I believe that a few hints could be quite helpful.
>> >
>> > A.
>> >
>> >
>> > -----Original Message-----
>> > From: owasp-testing-admin at lists.sourceforge.net on behalf of Daniel
>> > Sent: Wed 5/4/2005 4:55 PM
>> > To: owasp-testing at lists.sourceforge.net
>> > Subject: Re: [OWASP-TESTING] final draft of the outline
>> >
>> > I'd like to stay away from the cost factor, as the cost is constantly
>> > changing (example, here in the UK, the day rate changes between 1000
>> > pounds to 1400 pounds, depending on whom you are dealing with)
>> >
>> >
>> >
>> >
>> > Simon Roses Femerling said:
>> >> Hi all,
>> >>
>> >> What about cost, project estimation, etc.?
>> >>
>> >> IMO the document should also provide some directions about this
>> >> matter. Or is this subject more relevant to Phase One doc? I know
>> >> this domain is so vast and dynamic (web servers, application
>> >> servers, etc.) that it is hard to estimate.
>> >>
>> >> I believe something like OSSTM "Rule of Thumb" would be nice for
>> >> WAVA, btw nice word :)
>> >>
>> >> Some directions about this subject can be of some benefit, as
>> >> security pros can provide customers with "real" estimations and
>> >> customers can get an idea of what to expect of the engagement.
>> >>
>> >> Take care,
>> >>
>> >> Simon Roses Femerling
>> >> Consultor en Seguridad / IT Security Consultant
>> >> IT Deusto
>> >> http://www.itdeusto.com
>> >> Madrid, Spain
>> >> ----- Original Message -----
>> >> From: "Daniel Cuthbert" <daniel.cuthbert at owasp.org>
>> >> To: <owasp-testing at lists.sourceforge.net>
>> >> Sent: Wednesday, May 04, 2005 2:06 AM
>> >> Subject: [OWASP-TESTING] final draft of the outline
>> >>
>> >>
>> >>> hey all,
>> >>>
>> >>> Attached is, what I feel, the final draft of the initial outline.
>> >>> If everyone is happy with what is included, I'll spend the remainder
>> >>> of this week creating the sections in which everyone can choose
>> >>> their chosen topic.
>> >>>
>> >>> Obviously the basic penetration testing tips caused an interesting
>> >>> discussion, I'll have a think about the future of them within the
>> >>> testing guide.
>> >>>
>> >>> Look forward to your feedback
>> >>>
>> >>> Daniel
>> >>>
>> >>>
>> >>
>> >>
>> >>
>> >
>> >
>> > Daniel
>> >
>> >
>> > _______________________________________________
>> > owasp-testing mailing list
>> > owasp-testing at lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/owasp-testing
>> >
>>
>>
>>Daniel
>>
>>
>


Daniel



