[Owasp-testing] OSSTMM manual

Daniel Cuthbert daniel.cuthbert at owasp.org
Thu Jan 18 21:13:44 EST 2007


the OSSTMM has way too much waffle included imho, when Mark and I  
originally did ver 1, we agreed on less waffle, more meat
On 19 Jan 2007, at 06:55, Eoin wrote:

> HI,
> The OSSTMM manual covers more than just App Sec.
> but some areas of interest would be :
>
> Security Metrics
> Legal Penetration Testing Checklist
> Competitive Intelligence
>
> maybe we should consider new sections after this initial release.  
> say release 2.1?
> Also the metrics data/info can be ref'ed from the owasp metrics  
> project and the guys from that project in some manner?
> http://www.owasp.org/index.php/ 
> Category:OWASP_Application_Security_Metrics_Project
>
> I also think we should stay away to a degree from academia/theory  
> and stay a little more hands on in the testing guide?
> what ya all think?
>
>
> -- 
> Eoin Keary OWASP - Ireland
> http://www.owasp.org/local/ireland.html
> http://www.owasp.org/index.php/OWASP_Testing_Project
> http://www.owasp.org/index.php/OWASP_Code_Review_Project
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> http://lists.owasp.org/mailman/listinfo/owasp-testing

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-testing/attachments/20070119/e7283acb/attachment.html 


More information about the Owasp-testing mailing list