[Owasp-testing] WARNING: Dummies & Managers Ahead (aka my 2 cents for you...)
wata.34mt at coresecurity.com
Wed Oct 18 13:58:22 EDT 2006
IMHO we should try to be concise with everything that is repeated
elsewhere and give pointers so that newbies can follow. On the other
hand, it is really a nuisance to follow eight links to read one article,
so there should be some tradeoff (which each contributor could manage
without further explanations). :)
> Hi Matteo,
> If the majority of the team wish to add the "idiots guide" (this makes
> me smile), then so be it, cool.
> I think we should be careful that we don't reinvent the wheel or repeat
> definitions that we already have on the site. We can simply add a URL
> to a section on the OWASP site to the same information.?
> Matteo (Meucci), as technical AoC lead, it's your call, if that's ok with
> On 18/10/06, *Matteo G.P. Flora* <mf at matteoflora.com> wrote:
> On 10/18/06, Eoin <eoinkeary at gmail.com>
> > I think the agreement already is to stick to the "how to test"
> > and leave the theory and background to other sections of the site
> > which already exist.
> Hi Eoin and thanx for the answer,
> sorry for being blunt, but I humbly think this way you'll just lose
> 80% of the audience.
> The world isn't made by pentest-geniuses and while I don't suggest to
> explain "what a cookie is" I strongly suggest to give the idiots a
> "That's, of course, just my 2eurocents, but you can't suppose everyone
> will know everything and all the document risks to be set in a
> corner for reference only by managers. And this means it will be
> set in a corner by decision makers. And this means less and less
> That's, of course, just my opinion having to handle tens of
> organizations that choose ISO27001 over OSSTMM for VA only because
> they understand the former and not the latter...
> This said it's not a religious belief on my side and I may be (and
> probably am) wrong...
> Think about how many people know laws... And what's the problem of laws?
> "The former article XXX of YYY is changed according to YYY and XXX
> while article WWW will modify TTT to be real at EEE on ZZZ."
> My 2eurocents as always and I'll not pursue this more.
> Matteo G.P. Flora | mf at matteoflora.com | www.MatteoFlora.com
> Pres. Milano AIP-ITCS #2657 | IEEE CS Member #80409490 | WOT Notary
> Direttore Tecnico Osservatorio Permanente Privacy e Sicurezza (OPSI)
> Privacy & Security Consultant | Forensic Examiner | SEO Expert
> Secure Channel | pgp F3B6BC10 | 1984-at-nym.hush-dot-com
> Eoin Keary OWASP - Ireland