[Owasp-testing] Brainstorming about the new Index

s4tan s4tan at ictsc.it
Tue Oct 10 16:29:27 EDT 2006


I agree with Carlo, "3.4 Phase 3" overlap whit "Code review project" IMHO.

Ok, security code review is fundamental, but there is a completely 
different project for that, it is useless to overlap the two project.
We can link the section with the Code review projects.

One thing again, I think we can avoid to rename White box in Gray box, 
because the "Phase 2" is about white box and not gray box methodology.

Carlo Pelliccioni ha scritto:
> I'm sorry, I meant "3.4 Phase 3" (During development) and not Phase 4.
>
> Bye
> Carlo
>
> On 10/10/06, *Eoin* < eoinkeary at gmail.com 
> <mailto:eoinkeary at gmail.com>> wrote:
>
>     Hi,
>     If you fee that we could "Push" any of the sections into the code
>     review guide or the Development guide please suggest.
>
>
>     On 10/10/06, *Carlo Pelliccioni * <carlo.pelliccioni at gmail.com
>     <mailto:carlo.pelliccioni at gmail.com>> wrote:
>
>         Hi,
>
>         I think that the new index is good but the Phase 4 (During
>         development) is useless in this testing guide (I think).
>         How do you feel about this?
>
>         Bye bye
>         Carlo
>
>
>
>         On 10/10/06, *Eoin* <eoinkeary at gmail.com
>         <mailto:eoinkeary at gmail.com>> wrote:
>
>             Hi,
>
>             Sounds very promising but take into account that the
>             Autumn of Code project is of a finite time.
>
>             It is important to consider:
>
>             In order to re-write all the chapters AND add the required
>             new content shall take some time. The completion date is
>             the 31st December 2006 which gives us about 11 weeks, not
>             much time from my experience of developing the existing
>             Testing guide.
>
>             It would be better not to take too much on and miss the
>             completion date. The guide shall be ever evolving and the
>             aim of this AoC project is to consolidate the existing
>             guide and NOT to perform a complete rewrite.
>
>             So my concern is the amount of time we have to complete
>             this project Vs the ever expanding scope of work.
>
>             regards,
>
>             Eoin,
>             OWASP Testing Guide Lead and coordinator.
>
>
>
>
>
>             On 10/10/06, Matteo Meucci < matteo.meucci at gmail.com
>             <mailto:matteo.meucci at gmail.com>> wrote:
>             > Hi all,
>             > What do you think about the new Index?
>             > http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents
>             <http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents>
>             >
>             > 1) Look at the doc "OWASPTesting_PhaseOne"
>             > (http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=62285
>             <http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=62285>)
>             > IMHO I think we have to insert the Chaper 2" Principle of
>             testing" ,
>             > Chapter 3 "Testing techniques explained" and "The OWASP
>             Testing
>             > Framework" as first chapter of this guide.
>             >
>             > 2) I'd like to rename Chapter 4 from "Manual testing
>             techniques" to
>             > "Web Application Penetration Testing".
>             >
>             > 3) In accordance with Alberto Revelli, we think to create
>             a new
>             > template for Chapter 4:
>             > 1 Short Description of the Issue
>             > 2 How to Test
>             >     2.1 Black Box testing and example
>             >     2.2 White Box testing and example
>             > 3 References
>             >     Whitepapers
>             >     Tools
>             > What do you think about that? More, may be we have to
>             rename White Box
>             > in Gray box, so it is clear the difference between
>             penetration testing
>             > (Black and Gray Box) and Code Review (White Box) that is
>             a different
>             > OWASP Project.
>             >
>             > What are your feed back?
>             > Thanks,
>             > Mat
>             >
>             >
>             >
>             >
>             > --
>             > Matteo Meucci
>             > OWASP-Italy Chair, CISSP, CISA
>             > site: http://www.owasp.org/index.php/Italy
>             <http://www.owasp.org/index.php/Italy>
>             > mail: matteo.meucci at owasp.org
>             <mailto:matteo.meucci at owasp.org>
>             > ml: http://lists.owasp.org/mailman/listinfo/owasp-italy
>             > _______________________________________________
>             > Owasp-testing mailing list
>             > Owasp-testing at lists.owasp.org
>             <mailto:Owasp-testing at lists.owasp.org>
>             > http://lists.owasp.org/mailman/listinfo/owasp-testing
>             >
>
>
>             -- 
>             Eoin Keary OWASP - Ireland
>             http://www.owasp.org/local/ireland.html
>
>             OWASP Testing Project Lead
>             http://www.owasp.org/index.php/OWASP_Testing_Project
>
>             OWASP Code Review Project Lead
>             http://www.owasp.org/index.php/OWASP_Code_Review_Project
>
>             OWASP Live CD Lead
>
>             _______________________________________________
>             Owasp-testing mailing list
>             Owasp-testing at lists.owasp.org
>             <mailto:Owasp-testing at lists.owasp.org>
>             http://lists.owasp.org/mailman/listinfo/owasp-testing
>
>
>
>
>         _______________________________________________
>         Owasp-testing mailing list
>         Owasp-testing at lists.owasp.org
>         <mailto:Owasp-testing at lists.owasp.org>
>         http://lists.owasp.org/mailman/listinfo/owasp-testing
>
>
>
>
>
>     -- 
>     Eoin Keary OWASP - Ireland
>     http://www.owasp.org/local/ireland.html
>     <http://www.owasp.org/local/ireland.html>
>
>     OWASP Testing Project Lead
>     http://www.owasp.org/index.php/OWASP_Testing_Project
>
>     OWASP Code Review Project Lead
>     http://www.owasp.org/index.php/OWASP_Code_Review_Project
>     <http://www.owasp.org/index.php/OWASP_Code_Review_Project>
>
>     OWASP Live CD Lead
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> http://lists.owasp.org/mailman/listinfo/owasp-testing
>   




More information about the Owasp-testing mailing list