[OWASP-TESTING] final draft of the outline
Larry.Shields at FMR.COM
Thu May 5 08:52:33 EDT 2005
I agree. Especially in black box testing, you can provide some rough
rule of thumb stuff for a timebox for various applications. It will at
least provide a rough guesstimate for the poor project manager who's
trying to make sure the application is secure and needs to put some
number in the budget.
From: Revelli Alberto [mailto:a.revelli at reply.it]
Sent: Thursday, May 05, 2005 6:54 AM
To: owasp-testing at lists.sourceforge.net
Subject: RE: [OWASP-TESTING] final draft of the outline
>True, but a guideline (with a massive caveat stating this isnt set in
>concrete blah blah blah) would help companies who have zero
>understanding of app testing to understand if they are being taken for
I agree that needed resources heavily depend on the
complexity/size/insert_your_favorite_variable_here of the application,
but exactly for this reason it would be great to provide a few hints to
help companies to have some clues about how much effort is needed to
test their apps.
>Ok, hows about i'll write up the section and everyone can review it
>once the rest of the sections are finished?
Sounds great :)
This SF.Net email is sponsored by: NEC IT Guy Games.
Get your fingers limbered up and give it your best shot. 4 great events,
4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to
win an NEC 61 plasma display. Visit http://www.necitguy.com/?r
owasp-testing mailing list
owasp-testing at lists.sourceforge.net
More information about the Owasp-testing