[Owasp-testing] Brainstorming about the new Index

Matteo Meucci matteo.meucci at gmail.com
Tue Oct 10 10:32:24 EDT 2006


I agree.
Mat

On 10/10/06, Mark Roxberry <mark.roxberry at mpi.us.com> wrote:
>  Hi everyone,
>
> I am new to the testing list, so please forgive my presumptuousness, but I
> think 3.4 Phase 3 absolutely needs to be here.  Moreover,  I believe UNIT
> TESTING needs to be added to 3.4 Phase 3.  In my opinion, it would be a
> mistake to *not* include a section for testing during development.  There
> are several tools for this, JUNIT, NUNIT, FxCOP that can be used to check
> for function bounds and any security rules.
>
> Regards,
>
> Mark
>
> Mark Roxberry, CISSP, CEH
>
>
>
>  ________________________________
>  From: "Carlo Pelliccioni" <carlo.pelliccioni at gmail.com>
> Sent: Tuesday, October 10, 2006 6:57 AM
> To: owasp-testing at lists.owasp.org
> Subject: Re: [Owasp-testing] Brainstorming about the new Index
>
> I'm sorry, I meant "3.4 Phase 3" (During development) and not Phase 4.
>
> Bye
> Carlo
>
> On 10/10/06, Eoin < eoinkeary at gmail.com> wrote:
> > Hi,
> > If you fee that we could "Push" any of the sections into the code review
> guide or the Development guide please suggest.
> >
> >
> >
> > On 10/10/06, Carlo Pelliccioni <carlo.pelliccioni at gmail.com> wrote:
> > > Hi,
> > >
> > > I think that the new index is good but the Phase 4 (During development)
> is useless in this testing guide (I think).
> > > How do you feel about this?
> > >
> > > Bye bye
> > > Carlo
> > >
> > >
> > >
> > >
> > > On 10/10/06, Eoin <eoinkeary at gmail.com> wrote:
> > >
> > > > Hi,
> > > >
> > > > Sounds very promising but take into account that the Autumn of Code
> project is of a finite time.
> > > >
> > > > It is important to consider:
> > > >
> > > > In order to re-write all the chapters AND add the required new content
> shall take some time. The completion date is the 31st December 2006 which
> gives us about 11 weeks, not much time from my experience of developing the
> existing Testing guide.
> > > >
> > > > It would be better not to take too much on and miss the completion
> date. The guide shall be ever evolving and the aim of this AoC project is to
> consolidate the existing guide and NOT to perform a complete rewrite.
> > > >
> > > > So my concern is the amount of time we have to complete this project
> Vs the ever expanding scope of work.
> > > >
> > > > regards,
> > > >
> > > > Eoin,
> > > > OWASP Testing Guide Lead and coordinator.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On 10/10/06, Matteo Meucci < matteo.meucci at gmail.com> wrote:
> > > >
> > > > > Hi all,
> > > > > What do you think about the new Index?
> > > > >
> http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents
> > > > >
> > > > > 1) Look at the doc "OWASPTesting_PhaseOne"
> > > > >
> (http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=62285
> )
> > > > > IMHO I think we have to insert the Chaper 2" Principle of testing" ,
> > > > > Chapter 3 "Testing techniques explained" and "The OWASP Testing
> > > > > Framework" as first chapter of this guide.
> > > > >
> > > > > 2) I'd like to rename Chapter 4 from "Manual testing techniques" to
> > > > > "Web Application Penetration Testing".
> > > > >
> > > > > 3) In accordance with Alberto Revelli, we think to create a new
> > > > > template for Chapter 4:
> > > > > 1 Short Description of the Issue
> > > > > 2 How to Test
> > > > >     2.1 Black Box testing and example
> > > > >     2.2 White Box testing and example
> > > > > 3 References
> > > > >     Whitepapers
> > > > >     Tools
> > > > > What do you think about that? More, may be we have to rename White
> Box
> > > > > in Gray box, so it is clear the difference between penetration
> testing
> > > > > (Black and Gray Box) and Code Review (White Box) that is a different
> > > > > OWASP Project.
> > > > >
> > > > > What are your feed back?
> > > > > Thanks,
> > > > > Mat
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > > > --
> > > > > Matteo Meucci
> > > > > OWASP-Italy Chair, CISSP, CISA
> > > > > site: http://www.owasp.org/index.php/Italy
> > > > > mail: matteo.meucci at owasp.org
> > > > > ml:
> http://lists.owasp.org/mailman/listinfo/owasp-italy
> > > > > _______________________________________________
> > > > > Owasp-testing mailing list
> > > > > Owasp-testing at lists.owasp.org
> > > > >
> http://lists.owasp.org/mailman/listinfo/owasp-testing
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Eoin Keary OWASP - Ireland
> > > > http://www.owasp.org/local/ireland.html
> > > >
> > > > OWASP Testing Project Lead
> > > > http://www.owasp.org/index.php/OWASP_Testing_Project
> > > >
> > > > OWASP Code Review Project Lead
> > > >
> http://www.owasp.org/index.php/OWASP_Code_Review_Project
> > > >
> > > > OWASP Live CD Lead
> > > >
> > > > _______________________________________________
> > > > Owasp-testing mailing list
> > > > Owasp-testing at lists.owasp.org
> > > > http://lists.owasp.org/mailman/listinfo/owasp-testing
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > > _______________________________________________
> > > Owasp-testing mailing list
> > > Owasp-testing at lists.owasp.org
> > > http://lists.owasp.org/mailman/listinfo/owasp-testing
> > >
> > >
> > >
> >
> >
> >
> >
> > --
> > Eoin Keary OWASP - Ireland
> > http://www.owasp.org/local/ireland.html
> >
> > OWASP Testing Project Lead
> > http://www.owasp.org/index.php/OWASP_Testing_Project
> >
> > OWASP Code Review Project Lead
> > http://www.owasp.org/index.php/OWASP_Code_Review_Project
> >
> > OWASP Live CD Lead
>
>
>
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> http://lists.owasp.org/mailman/listinfo/owasp-testing
>
>
>


-- 
Matteo Meucci
OWASP-Italy Chair, CISSP, CISA
site: http://www.owasp.org/index.php/Italy
mail: matteo.meucci at owasp.org
ml: http://lists.owasp.org/mailman/listinfo/owasp-italy



More information about the Owasp-testing mailing list