[Owasp-testing] Comparison between our testing guide and the OSSTMM(Open Source Security Testing Methodology Manual)

James Kist kist at meridiansecurity.net
Thu Jan 18 19:03:13 EST 2007


The Information Systems Security Assessment Framework (ISSAF) at
http://www.oissg.org/content/view/71/71/ has the following relevant
chapters:
 
WEB APPLICATION SECURITY ASSESSMENT
WEB APPLICATION SECURITY ASSESSMENT (CONTINUE.) - SQL INJECTIONS
SOURCE CODE AUDITING
BINARY AUDITING
APPLICATION SECURITY EVALUATION CHECKLIST
DATABASE SECURITY ASSESSMENT
 
We should also look at this guide to see if we missed anything. 
 
 
  _____  

From: owasp-testing-bounces at lists.owasp.org
[mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Dinis Cruz
Sent: Thursday, January 18, 2007 6:15 PM
To: owasp-testing at lists.owasp.org
Subject: [Owasp-testing] Comparison between our testing guide and the
OSSTMM(Open Source Security Testing Methodology Manual)


It would be good to know (and to even include in our version of the Guide)
what are the differences between OWASP Testing Guide and
http://www.isecom.org/osstmm/ 

If there major section(s) in the OSSTMM that are not covered in the OWASP
Testing Guide but are relevant to its audience, then we should add the
respective references 

Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-testing/attachments/20070118/0b3501da/attachment.html 


More information about the Owasp-testing mailing list