[Owasp-testing] Brainstorming about the new Index

Matteo Meucci matteo.meucci at gmail.com
Fri Oct 13 06:08:56 EDT 2006


Hi Matteo,
in our last discussions we have defined a template like that:

* Short Description of the Issue (Topic and Explanation)
* Black Box testing and example
   - Testing for Topic X vulnerabilities:
   - Result Expected:
* Gray Box testing and example (if any)
   - Testing for Topic X vulnerabilities:
   - Result Expected:
* References
   - Whitepapers
   - Tools

Dan, I've merged the old teplate with your idea...does it works for you?
Any other suggestions/comments

Thanks,
Mat

On 10/13/06, Matteo Benedetti <mbenedetti at security-research.it> wrote:
> Cool brainstorming!
> Here my idea:
>
> why not choose a common and, if possible, fixed template for every
> paragraph, so as to increase readablenes: this is a test guide, not
> the encyclopedia of web applications attacks but noteven a simple
> checklist...
>
> Without common template does not exist an paragraph similar to an other
>
> My (poor) example for paragraph template:
>
> attack theory and requirements
> code
> practical examples
> attended issue
> impact
> countermeasures
> tips
> other attacks correlation (a clew between attacks)
> reference
> tools
>
> etc etc
>
> Feel free to add or delete items
>
> Matteo
>


-- 
Matteo Meucci
OWASP-Italy Chair, CISSP, CISA
site: http://www.owasp.org/index.php/Italy
mail: matteo.meucci at owasp.org
ml: http://lists.owasp.org/mailman/listinfo/owasp-italy



More information about the Owasp-testing mailing list