[Owasp-testing] OSSTMM manual

Matteo Meucci matteo.meucci at gmail.com
Fri Jan 19 10:50:19 EST 2007


Hi,
IMHO:

1) OWASP and OSSTMM are complementary: the first focuses on Web
Application Security, the second focuses on System and Network
Security.
I agree with Eoin, the Testing Guide is more practical.
As you can see in the attachment (I don't know if that will be
eliminated by the mail server), Raoul Chiesa and I talked about that
at the IDC Banking Forum 2005.

2) OSSTMM cites OWASP in their methodology for the Web Application
Security field because it doesn't go deeply into this argument.

3) ISSAF is similar to our Testing Guide, but once again this is not
totally focused on Web Application Security and the approach is
different.
http://www.oissg.org/component/option,com_docman/task,cat_view/gid,66/Itemid,134/

4) Testing Guide Version 2.1
As PDP has suggested to me, I'd like to create a new chapter on
client-side testing: Flash, Java, etc. Nowadays Web 2.0 moves a part of
the application to the client side.

Mat




On 1/19/07, Jeff Williams <jeff.williams at aspectsecurity.com> wrote:
> > [1] Previous versions of the OWASP documents used the
> > GFDL license. I've never seen the reasoning behind the license change.
> > Anyone care to point me to it?
>
> The CC Attribution Share-Alike (http://creativecommons.org/licenses/by-sa/2.5/) was designed by Lawrence Lessig precisely for wiki content.  The basic idea is that you can reference the material to the licensor without having to attribute back to all of the original authors (which could be very difficult).
>
> It suits our work at OWASP very well. The GFDL is large and complex and wasn't really designed for a wiki (see http://www.usemod.com/cgi-bin/mb.pl?FreeDocumentationLicense).
>
> --Jeff
>
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> http://lists.owasp.org/mailman/listinfo/owasp-testing
>


-- 
Matteo Meucci
OWASP-Italy Chair, CISSP, CISA
http://www.owasp.org/index.php/Italy
OWASP Testing Guide AoC lead
http://www.owasp.org/index.php/Testing_Guide
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OWASP&OSSTMM.PNG
Type: image/png
Size: 56788 bytes
Desc: not available
Url : http://lists.owasp.org/pipermail/owasp-testing/attachments/20070119/6e514368/attachment-0001.png 

