[Owasp-testing] WARNING: Dummies & Managers Ahead (aka my 2 cents for you...)

Ariel Waissbein wata.34mt at coresecurity.com
Wed Oct 18 13:58:22 EDT 2006


Hi all,

IMHO we should try to be concise with everything that is repeated
elsewhere and give pointers so that newbies can follow. On the other
hand, it is really a nuisance to follow eight links to read one article,
so there should be some tradeoff (which each contributor could manage
without further explanations). :)

Cheers,
Ariel

Eoin wrote:
> Hi Matteo,
> If the majority of the team wish to add the "idiots guide" (this makes
> me smile), then so be it, cool.
>  
> I think we should be careful that we don't reinvent the wheel or repeat
> definitions that we already have on the site. We can simply add a URL
> to a section on the OWASP site to the same information.?
>  
> Matteo (Meucci), as technical AoC lead, it's your call, if that's ok with
> everyone?
>  
> Eoin
>  
> 
> 
>  
> On 18/10/06, *Matteo G.P. Flora* <mf at matteoflora.com> wrote:
> 
>     On 10/18/06, Eoin <eoinkeary at gmail.com> wrote:
>     ...
>     > I think the agreement already is to stick to the "how to test" information
>     > and leave the theory and background other section of the site which already
>     > exist.
> 
>     Hi Eoin and thanx for the answer,
> 
>     sorry for being blunt, but I humbly think this way you'll just lose
>     80% of the audience.
>     The world isn't made by pentest geniuses and while I don't suggest to
>     explain "what a cookie is" I strongly suggest to give the idiots a
>     chance...
> 
>     That's, of course, just my 2eurocents, but you can't suppose everyone
>     will know everything and the whole document risks being set in a
>     corner for reference only by managers. And this means it will be
>     set in a corner by decision makers. And this means less and less
>     adoption...
> 
>     That's, of course, just my opinion having to handle tens of
>     organizations that choose ISO27001 over OSSTMM for VA only because
>     they understand the former and not the latter...
> 
>     This said it's not a religious belief on my side and I may be (and
>     probably am) wrong...
> 
>     Think about how many people know laws... And what's the problem of laws?
> 
>     "The former article XXX of YYY is changed according to YYY and XXX
>     while article WWW will modify TTT to be real at EEE on ZZZ.
> 
> 
> 
>     My 2eurocents as always and I'll not pursue this more.
> 
>     MgpF
> 
>     --
>     Matteo G.P. Flora | mf at matteoflora.com | www.MatteoFlora.com
>     Pres. Milano AIP-ITCS #2657 | IEEE CS Member #80409490 | WOT Notary
>     Direttore Tecnico Osservatorio Permanente Privacy e Sicurezza (OPSI)
>     Privacy & Security Consultant | Forensic Examiner | SEO Expert
>     Secure Channel | pgp F3B6BC10 | 1984-at-nym.hush-dot-com
> 
> 
> 
> 
> -- 
> Eoin Keary OWASP - Ireland
> http://www.owasp.org/local/ireland.html
> http://www.owasp.org/index.php/OWASP_Testing_Project
> http://www.owasp.org/index.php/OWASP_Code_Review_Project