[Owasp-testing] OSSTMM manual

Dinis Cruz dinis at ddplus.net
Mon Jan 22 18:16:12 EST 2007


That image is actually a good one, can you put a variation of it on the
guide?

It also shows exactly why there should be some references to the OSSTMM in the
Guide.

Dinis

On 1/19/07, Matteo Meucci <matteo.meucci at gmail.com> wrote:
>
> Hi,
> IMHO:
>
> 1) OWASP and OSSTMM are complementary: the first focuses on Web
> Application Security, the second focuses on System and Network
> Security.
> I agree with Eoin, the Testing Guide is more practical.
> As you can see in the attachment (I don't know if that will be
> eliminated by the mail server), Raoul Chiesa and I talked about that
> at the IDC Banking Forum 2005.
>
> 2) OSSTMM cites OWASP in their methodology for the Web Application
> Security field because it doesn't go deeply into this argument.
>
> 3) ISSAF is similar to our Testing Guide, but once again this is not
> totally focused on Web Application Security and the approach is
> different.
>
> http://www.oissg.org/component/option,com_docman/task,cat_view/gid,66/Itemid,134/
>
> 4) Testing Guide Version 2.1
> As PDP has suggested to me, I'd like to create a new chapter on Client
> side Testing: Flash, Java, etc. Nowadays Web 2.0 moves a part of the
> application to the client side.
>
> Mat
>
> On 1/19/07, Jeff Williams <jeff.williams at aspectsecurity.com> wrote:
> > > [1] Previous versions of the OWASP documents used the
> > > GFDL license. I've never seen the reasoning behind the license change.
> > > Anyone care to point me to it?
> >
> > The CC Attribution Share-Alike
> > (http://creativecommons.org/licenses/by-sa/2.5/) was designed by Lawrence
> > Lessig precisely for wiki content. The basic idea is that you can reference
> > the material to the licensor without having to attribute back to all of the
> > original authors (which could be very difficult).
> >
> > It suits our work at OWASP very well. The GFDL is large and complex and
> > wasn't really designed for a wiki (see
> > http://www.usemod.com/cgi-bin/mb.pl?FreeDocumentationLicense).
> >
> > --Jeff
> >
> > _______________________________________________
> > Owasp-testing mailing list
> > Owasp-testing at lists.owasp.org
> > http://lists.owasp.org/mailman/listinfo/owasp-testing
> >
>
>
> --
> Matteo Meucci
> OWASP-Italy Chair, CISSP, CISA
> http://www.owasp.org/index.php/Italy
> OWASP Testing Guide AoC lead
> http://www.owasp.org/index.php/Testing_Guide
>
>