[OWASP-TESTING] final draft of the outline

Shields, Larry Larry.Shields at FMR.COM
Thu May 5 08:52:33 EDT 2005

I agree.  Especially in black box testing, you can provide some rough
rule of thumb stuff for a timebox for various applications.  It will at
least provide a rough guesstimate for the poor project manager who's
trying to make sure the application is secure and needs to put some
number in the budget.


-----Original Message-----
From: Revelli Alberto [mailto:a.revelli at reply.it] 
Sent: Thursday, May 05, 2005 6:54 AM
To: owasp-testing at lists.sourceforge.net
Subject: RE: [OWASP-TESTING] final draft of the outline

>True, but a guideline (with a massive caveat stating this isnt set in 
>concrete blah blah blah) would help companies who have zero 
>understanding of app testing to understand if they are being taken for
a ride.

I agree that needed resources heavily depend on the
complexity/size/insert_your_favorite_variable_here of the application,
but exactly for this reason it would be great to provide a few hints to
help companies to have some clues about how much effort is needed to
test their apps.

>Ok, hows about i'll write up the section and everyone can review it 
>once the rest of the sections are finished?

Sounds great :)



This SF.Net email is sponsored by: NEC IT Guy Games.
Get your fingers limbered up and give it your best shot. 4 great events,
4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to
win an NEC 61 plasma display. Visit http://www.necitguy.com/?r
owasp-testing mailing list
owasp-testing at lists.sourceforge.net

More information about the Owasp-testing mailing list